W3C home > Mailing lists > Public > public-web-security@w3.org > February 2013

CORS question

From: Brandon Sterne <brandon@hackmill.com>
Date: Tue, 5 Feb 2013 13:38:15 -0800
Message-ID: <CADXmT7DN+gcuLdrAT=+6r_WnW2aitDwez6xUbRooD+o4MtC9hg@mail.gmail.com>
To: public-web-security@w3.org
Hey guys,

Co-workers of mine were trying to understand the treat model of CORS, and I
was having trouble articulating some of the particular risks that the spec
attempts to avoid.  Why does the OPTIONS pre-flight request never carry
credentials?

Thanks,
Brandon
Received on Tuesday, 5 February 2013 22:10:44 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Tuesday, 5 February 2013 22:10:44 GMT