W3C home > Mailing lists > Public > public-web-security@w3.org > December 2009

Re: call for reviewers: XMLHttpRequest Last Call

From: Adam Barth <w3c@adambarth.com>
Date: Sun, 6 Dec 2009 08:38:05 -0800
Message-ID: <7789133a0912060838p1446912dx733575bdb9bfa2f2@mail.gmail.com>
To: "sird@rckc.at" <sird@rckc.at>
Cc: Thomas Roessler <tlr@w3.org>, public-web-security@w3.org
On Sun, Dec 6, 2009 at 8:19 AM, sird@rckc.at <sird@rckc.at> wrote:
> 3.- Do you really want to return to the user ALL http headers with
> getAllResponseHeaders? think on Set-Cookie + httpOnly

I believe most (all?) implementations block returning Set-Cookie
headers with HttpOnly cookies.  If the spec doesn't say this, it's out
of step with common practice.

Adam
Received on Sunday, 6 December 2009 16:39:05 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Sunday, 19 December 2010 00:16:01 GMT