Re: To cookie or not to cookie

Brad Porter wrote:
> Is there any chance you could make it a configurable user privacy/security option?  "Send cookies with cross-site xhr requests" and default to "no".  Then if a site does introduce a vulnerability it doesn't affect the masses and the workaround doesn't require switching to another browser altogether.

Technically it's trivial to make it a user option. However I don't see 
how it makes any logical sense. If the default is to not send cookies 
then no server is going to want to rely on them being sent. And for the 
very tiny number of users that would tweak such a pref, they are very 
much exposing themselves to servers that do not expect cookies to be 
sent and will send private data unchecked when cookies are sent.

/ Jonas

Received on Tuesday, 26 February 2008 19:54:00 UTC