[was ...]

Aymeric Vitte vitteaymeric at
Fri Jul 13 03:33:04 PDT 2012

Yes it's true, focusing too much on my needs, then forget it
Le 13/07/2012 11:39, Jason Orendorff a écrit :
> On Fri, Jul 13, 2012 at 3:39 AM, Aymeric Vitte <vitteaymeric at> wrote:
>> But coming back to my point, I am not talking about a download like a xhr
>> where you can set cookies, do post requests, etc, just a download that fetch
>> the source, so I don't see it more dangerous than script or img fetching (or
>> System.load) for example.
> It's the difference between exposing every image on your intranet to
> any random web page that asks for it, and exposing all data on your
> intranet to any random web page that asks for it. Any web page could
> start by fetching "http://intranet/" and follow the links from there.
> This kind of comprehensive spidering of an organization's internal
> data is obviously not possible with <img>.
> This is basic browser security stuff.  I strongly suggest reading up
> before posting anything more on this topic.
> -j

Email :  avitte at
Web :
Webble :
Extract Widget Mobile :
BlimpMe! :

More information about the es-discuss mailing list