@julian I've done a review on FEP-fe34 and here's a more nuanced answer.

The same-origin assumption is necessary for authentication, because it is not possible to not trust the server of origin. But it is not necessary for authorization. It is desirable, because that makes authorization procedures aligned with authentication procedures. But we can shift the burden of permission checks to the recipient.

We might even have to do this, if we discover that servers accepting arbitrary payloads (C2S, FEP-ae97) can't reliably enforce the isolation of actors.

But for the time being, you can accept same-origin admin deletions.
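The two policies contrasted in the post, a same-origin check used for authentication and a recipient-side permission check used for authorization, as an added Python example; this is illustrative code written for this page, not code from the post, from FEP-fe34 or from any ActivityPub implementation. Field names follow ActivityStreams (`id`, `actor`, `object`); the `object_owners` table (the recipient's own record of which actor owns which object), the sample activities and the assumption that the transport signature has already been verified are all constructed for the example.

```python
from urllib.parse import urlsplit


def origin(url: str) -> tuple[str, str, int]:
    """Web origin (scheme, lowercase host, effective port) of an absolute http(s) URL."""
    p = urlsplit(url)
    if p.scheme not in ("http", "https") or not p.hostname:
        raise ValueError(f"not an absolute http(s) URL: {url!r}")
    port = p.port or (443 if p.scheme == "https" else 80)
    return (p.scheme, p.hostname.lower(), port)


def same_origin(a: str, b: str) -> bool:
    return origin(a) == origin(b)


def _id(value) -> str:
    """Activity fields may be an IRI string or an embedded object carrying an 'id'."""
    return value["id"] if isinstance(value, dict) else value


def check_delete(activity: dict, object_owners: dict[str, str]) -> tuple[bool, str]:
    """Recipient-side decision for a Delete activity.

    object_owners (assumed, recipient-maintained) maps object id -> owning actor id.
    Returns (accept, reason).
    """
    actor = _id(activity["actor"])
    obj = _id(activity["object"])

    # Authentication: the activity must originate from the actor's own server.
    # We assume the HTTP-level signature has already been checked against the
    # actor's key; this step ties the activity id to that trusted origin.
    if not same_origin(activity["id"], actor):
        return False, "reject: activity id not same-origin with actor"

    # Authorization, option 1 (same-origin): the server of origin vouches for
    # objects it hosts, which covers a same-origin admin deletion.
    if same_origin(obj, actor):
        return True, "accept: same-origin deletion"

    # Authorization, option 2 (recipient-side): for a cross-origin object the
    # recipient consults its own ownership record instead of trusting the sender.
    if object_owners.get(obj) == actor:
        return True, "accept: recipient record confirms actor owns object"
    return False, "reject: actor not recorded as owner of object"


# Constructed sample data (not real servers or activities).
OWNERS = {"https://a.example/notes/1": "https://a.example/users/alice"}

SAME_ORIGIN_DELETE = {
    "id": "https://a.example/activities/1",
    "type": "Delete",
    "actor": "https://a.example/users/admin",
    "object": "https://a.example/notes/1",
}

CROSS_ORIGIN_DELETE = {
    "id": "https://b.example/activities/2",
    "type": "Delete",
    "actor": "https://b.example/users/bob",
    "object": {"id": "https://a.example/notes/1", "type": "Tombstone"},
}

FORGED_DELETE = {
    "id": "https://c.example/activities/3",
    "type": "Delete",
    "actor": "https://a.example/users/alice",
    "object": "https://a.example/notes/1",
}

if __name__ == "__main__":
    for name, act in [("same-origin", SAME_ORIGIN_DELETE),
                      ("cross-origin", CROSS_ORIGIN_DELETE),
                      ("forged", FORGED_DELETE)]:
        print(name, check_delete(act, OWNERS))
```

The first rule is the one the post calls necessary: an activity whose id lives on a different origin than its actor cannot be authenticated by the actor's server. The second and third rules show the choice the post describes: accepting same-origin deletions outright, or falling back to the recipient's own ownership record for cross-origin objects. If, as the post anticipates, a server accepting arbitrary client payloads cannot isolate its actors, the same-origin shortcut in option 1 stops being a reliable ownership proof and the recipient-side record in option 2 becomes the only check that holds.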