- From: Ian Hickson <ian@hixie.ch>
- Date: Wed, 20 Feb 2008 21:26:21 +0000 (UTC)
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: "WAF WG (public)" <public-appformats@w3.org>
On Tue, 19 Feb 2008, Jonas Sicking wrote: > > Should we send cookies and auth headers for cross site requests: > For now we decided not to, but i'd like to bring this issue up in other forums > too, will do so here shortly. This issue will not be dealt with tomorrow since > it's simply to big to reach a conclusion. For what it's worth, lack of user credentials on the request would make most uses of cross-domain XHR pretty much useless for us. We need to know who the user is so that we can affect their data, and we don't want to give the remote site access to those credentials. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
Received on Wednesday, 20 February 2008 21:26:41 UTC