On Sun, Dec 6, 2009 at 8:19 AM, sird@rckc.at <sird@rckc.at> wrote: > 3.- Do you really want to return to the user ALL http headers with > getAllResponseHeaders? think on Set-Cookie + httpOnly I believe most (all?) implementations block returning Set-Cookie headers with HttpOnly cookies. If the spec doesn't say this, it's out of step with common practice. AdamReceived on Sunday, 6 December 2009 16:39:05 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT