While micro-sites and CDNs could still be brought under the same SLD. The biggest blocker as is OAuth. I'd want to make a UX call to see if browser could elegantly prompt the user for a 3rd party interaction.
While we are at it, I keep wondering (in a strictly SSL world) if it would be a good idea to restrict CORS calls only to sites using the same certificate as the webpage. Would make life easier for folks like facebook.com making CORS to fb-blablabla.fbcdn.com.
While we are at it, I keep wondering (in a strictly SSL world) if it would be a good idea to restrict CORS calls only to sites using the same certificate as the webpage. Would make life easier for folks like facebook.com making CORS to fb-blablabla.fbcdn.com.