Hacker News new | ask | show | jobs
by kuschku 3333 days ago
The whole point is to allow any site to access any other site, just like plain TCP sockets, without stealing your cookies.

If the site wants to access google.com with its own cookies, fine, why not?
1 comments
hdhzy 3333 days ago
Could you elaborate on the "stealing your cookies" part?

Cookies are sent only to the origin that set them and (except XSS attacks) are not revealed to anyone else. So who exactly is stealing them?

link
kuschku 3333 days ago
Well, currently, nothing. But currently, the web is completely broken.

If you want web-applications to be powerful, and open, you also need to be able to have any web application to access any URL.

Why should only mail.google.com be able to access my emails, and not also my-little-opensource-webmail.com ?

To faciliate that, without also adding cookie stealing back in, you need to allow any website to open standard TCP sockets.

link