Re: [spec-reviews] "With Credentials" flag possibly inconsistent with web architecture (#76) from Anne van Kesteren on 2016-02-12 (public-webapps-github@w3.org from February 2016)

From: Anne van Kesteren <notifications@github.com>
Date: Fri, 12 Feb 2016 01:20:40 -0800
To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Message-ID: <w3ctag/spec-reviews/issues/76/183246860@github.com>

1. Client certificates are part of "credentials mode".
2. CORS has had "credentials mode" in one way or another from the start. (Unless we're talking about drafts before things got implemented and shipped.)

I think what's closest to what @timbl is looking for is mode "cors" and credentials mode "omit". Never include any kind of client state and just let the server answer or not. The moment you want to include ambient authority it gets more complicated and the function can no longer be seen as just a URL.

---
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/spec-reviews/issues/76#issuecomment-183246860

Received on Friday, 12 February 2016 09:21:17 UTC