W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > November 2010

[Bug 11235] Support a rel attribute that restricts cookie transmission

From: <bugzilla@jessica.w3.org>
Date: Mon, 08 Nov 2010 14:20:48 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1PFSaW-0007nk-LM@jessica.w3.org>
http://www.w3.org/Bugs/Public/show_bug.cgi?id=11235

--- Comment #6 from Alexander Romanovich <alex@sirensclef.com> 2010-11-08 14:20:47 UTC ---
A rel="anonymous" would probably fit the bill perfectly (restricting cookies,
HTTP auth, SSL certs, referrer, and origin). (Though according to this source,
the origin header should only sent with script requests of the 3 types of
requests I originally mentioned: https://wiki.mozilla.org/Security/Origin)

I'm in the CMS business, and I'm thinking here of all the content we generate
(particularly image thumbnails for individual news stories, etc. which would
not be appropriate to make into sprites). Our product typically drives pretty
large web sites, and the ability to use this flag globally in page output would
probably have a dramatic effect across the board. Removing credentials and
extra headers from these requests is an improvement, and would become an asset
for security as well.

-- 
Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Monday, 8 November 2010 14:20:54 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 8 November 2010 14:20:57 GMT