Andy Alness [ARCHIVE] on Nostr
📅 Original date posted: 2014-05-11
📝 Original message: Would it be a terrible idea to amend BIP 70 to suggest implementors include
an "Access-Control-Allow-Origin: *" response header for their payment
request responses? I don't think this opens up any useful attack vectors.
I ask because this would make it practical for pure HTML5 web wallets to
use the payment protocol entirely in-browser. Without this I think it would
be necessary for the server hosting the wallet's HTML to fetch payment
requests on the browser's behalf. This is somewhat inelegant and has
security/resource implications for the back-end.
-Andy
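
Added example (not part of the original post): a simplified model of the browser's CORS check for a non-credentialed GET, showing when an in-browser wallet can read a payment request response directly and when its server has to fetch it instead. The function names, origins and sample headers are constructed for illustration; `application/bitcoin-paymentrequest` is the payment request media type.

```javascript
// Simplified model of the Fetch standard's CORS check for a simple GET.
// corsReadable, fetchRoute and all origins below are illustrative names.
function header(headers, name) {
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase()
  );
  return key === undefined ? null : String(headers[key]).trim();
}

function corsReadable(pageOrigin, responseHeaders, credentialsMode = "omit") {
  const allow = header(responseHeaders, "Access-Control-Allow-Origin");
  if (allow === null) return false; // no header: script cannot read the body
  const withCreds = credentialsMode === "include";
  if (allow === "*") return !withCreds; // wildcard never covers credentialed requests
  if (allow !== pageOrigin) return false; // must equal the serialized origin exactly
  if (!withCreds) return true;
  return header(responseHeaders, "Access-Control-Allow-Credentials") === "true";
}

// Decide where the wallet has to fetch the payment request from.
function fetchRoute(walletOrigin, merchantResponseHeaders) {
  return corsReadable(walletOrigin, merchantResponseHeaders, "omit")
    ? "browser" // wallet JavaScript reads the response itself
    : "backend-proxy"; // wallet server fetches on the browser's behalf
}

// Constructed sample responses from a hypothetical merchant server.
const WALLET = "https://wallet.example";
const withWildcard = {
  "Content-Type": "application/bitcoin-paymentrequest",
  "Access-Control-Allow-Origin": "*",
};
const withoutCors = { "Content-Type": "application/bitcoin-paymentrequest" };
const otherOriginOnly = {
  "Content-Type": "application/bitcoin-paymentrequest",
  "access-control-allow-origin": "https://partner.example",
};

console.log(fetchRoute(WALLET, withWildcard));
console.log(fetchRoute(WALLET, withoutCors));
console.log(fetchRoute(WALLET, otherOriginOnly));
console.log(corsReadable(WALLET, withWildcard, "include"));
```

The last call shows that the wildcard value does not make the response readable when the request is sent with cookies or other credentials.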