- From: Henry Story <henry.story@co-operating.systems>
- Date: Wed, 16 Sep 2015 19:45:01 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: Brad Hill <hillbrad@gmail.com>, Tony Arcieri <bascule@gmail.com>, Rigo Wenning <rigo@w3.org>, "public-web-security@w3.org" <public-web-security@w3.org>, Mike O'Neill <michael.oneill@baycloud.com>, Anders Rundgren <anders.rundgren.net@gmail.com>, WebAppSec WG <public-webappsec@w3.org>
> On 16 Sep 2015, at 18:54, Martin Thomson <martin.thomson@gmail.com> wrote: > > On 16 September 2015 at 08:59, Henry Story > <henry.story@co-operating.systems> wrote: >> Cookies respect SOP by design > > This is not correct. Cookies are part of the legacy cruft of the HTTP > protocol. Just as application/x-form-data is > (https://fetch.spec.whatwg.org/#dom-request step 8) It's really difficult to infer from that Step 8 what you are trying to get at. Can you develop just a little bit? Does that actually affect the point I was making? Henry
Received on Wednesday, 16 September 2015 18:45:35 UTC