On 01/21/2014 02:08, Mike Cardwell wrote:
If you can use XMLHttpRequest to perform a request against a machine on your LAN that isn't using CORS, and then read the response, then there is a bug, and you will get a healthily sized cheque from Google or Mozilla for reporting it to them. If you can't read the response then there isn't a bug. What you're seeing is: how the web works.
I think CORS request from global URI into local URL is plain illegal. Global site can't even be doing this, no matter what CORS say. This is beyond the scope of CORS. Global sites can't see local services, no matter what services exist in LAN, and no matter if they use CORS or not.
How can request from www.yahoo.com contain 192.168.1.10 in it? This is just invalid.
Yuri -- tor-talk mailing list - tor-talk@xxxxxxxxxxxxxxxxxxxx To unsubscribe or change other settings go to https://lists.torproject.org/cgi-bin/mailman/listinfo/tor-talk