Andy Alness [ARCHIVE] on Nostr
📅 Original date posted: 2014-05-11
📝 Original message:

Would it be a terrible idea to amend BIP 70 to suggest implementors include
an "Access-Control-Allow-Origin: *" response header for their payment
request responses? I don't think this opens up any useful attack vectors.

I ask because this would make it practical for pure HTML5 web wallets to
use the payment protocol entirely in-browser. Without this I think it would
be necessary for the server hosting the wallet's HTML to fetch payment
requests on the browser's behalf. This is somewhat inelegant and has
security/resource implications for the back-end.

-Andy
Published at 2023-06-07 15:21:16
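The browser-side check that decides whether an in-browser wallet can read a cross-origin payment-request response, as an added example that is not part of the original post. It follows the CORS check in the Fetch standard; the origins and header sets are constructed, and `corsAllowsRead` is a hypothetical helper name.

```javascript
// Added example: models the browser's CORS check for a simple cross-origin
// GET of a BIP 70 payment request. Sample origins and headers are constructed.

// Case-insensitive header lookup over a plain object.
function header(headers, name) {
  const key = Object.keys(headers).find(
    (k) => k.toLowerCase() === name.toLowerCase()
  );
  return key === undefined ? null : String(headers[key]).trim();
}

// Returns true when page script at `origin` may read the response body.
// `credentials` is true when the fetch carries cookies or HTTP auth.
function corsAllowsRead(origin, credentials, responseHeaders) {
  const allow = header(responseHeaders, "Access-Control-Allow-Origin");
  if (allow === null) return false; // no opt-in: body stays hidden from script
  if (!credentials && allow === "*") return true;
  if (allow !== origin) return false; // "*" is never accepted with credentials
  if (!credentials) return true;
  // Credentialed reads additionally need an explicit opt-in.
  return header(responseHeaders, "Access-Control-Allow-Credentials") === "true";
}

const WALLET = "https://wallet.example"; // hypothetical web wallet origin
const TYPE = { "Content-Type": "application/bitcoin-paymentrequest" };

// Constructed response header sets a merchant server might send.
const cases = {
  noHeader: { ...TYPE },
  wildcard: { ...TYPE, "access-control-allow-origin": "*" },
  echoWithCreds: {
    ...TYPE,
    "Access-Control-Allow-Origin": WALLET,
    "Access-Control-Allow-Credentials": "true",
  },
};

// Evaluate each header set for an anonymous and a credentialed fetch.
function demo() {
  const out = {};
  for (const [name, headers] of Object.entries(cases)) {
    out[name] = {
      anonymous: corsAllowsRead(WALLET, false, headers),
      credentialed: corsAllowsRead(WALLET, true, headers),
    };
  }
  return out;
}

console.log(demo());
```
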