W3C home > Mailing lists > Public > public-webapi@w3.org > November 2007

Re: XHR: HttpOnly cookies, Security Considerations section

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 23 Nov 2007 11:40:58 +0100
To: "Bjoern Hoehrmann" <derhoermi@gmx.net>, public-webapi@w3.org
Message-ID: <op.t18qmkny64w2qv@annevk-t60.oslo.opera.com>

On Thu, 22 Nov 2007 19:33:27 +0100, Bjoern Hoehrmann <derhoermi@gmx.net>  
> It seems the current draft does not discuss HttpOnly cookies and other
> headers that implementations may not want to expose. Can we have a Se-
> curity Considerations section that clarifies that implementations may,
> at their discretion, not expose certain headers, perhaps giving Http-
> Only cookies as an example where that may be desired? I would expect any
> future HttpOnly cookie specification to discuss its relationship with
> XmlHTTPRequest in more detail, so I don't think we should include more
> of it than citing it as example.

I added this:


Anne van Kesteren
Received on Friday, 23 November 2007 10:41:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 21:16:24 UTC