W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: Opting in to cookies - proposal

From: Maciej Stachowiak <mjs@apple.com>
Date: Fri, 13 Jun 2008 17:05:39 -0700
Cc: Web Applications Working Group WG <public-webapps@w3.org>
Message-Id: <E8FCCEC8-0759-4770-B598-A270D9C60F7A@apple.com>
To: Jonas Sicking <jonas@sicking.cc>


On Jun 13, 2008, at 4:56 PM, Jonas Sicking wrote:

>
> Hi All,
>
> Since I haven't received any feedback on the various straw-men in  
> the "Opting in to cookies" thread, I'll send a full proposal (wrote  
> most of this yesterday, Thomas wrote some opinions on cookies this  
> morning).
>
> First off, as before, when I talk about "cookies" in this mail I  
> really
> mean cookies + digest auth headers + any other headers that carry the
> users credentials to a site. However i'll just use the term "cookies"
> for readability, and since that is on the web currently the most
> common carrier of credentials.
>
> So here goes:
>
> When loading a resource using access-control associate the request  
> with
> a "with credentials" flag.
>
> When the resource is loaded using an URI which starts with the string
> "user-private:" set the "with credentials" flag to true. Otherwise set
> it to false.

How could an http or https URI start with the string "user-private:"?  
Are you proposing a new URI scheme?

Regards,
Maciej
Received on Saturday, 14 June 2008 00:06:19 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:25 GMT