W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: Opting in to cookies - proposal

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 13 Jun 2008 17:20:10 -0700
Message-ID: <48530EBA.6060000@sicking.cc>
To: Maciej Stachowiak <mjs@apple.com>
CC: Web Applications Working Group WG <public-webapps@w3.org>

Maciej Stachowiak wrote:
> 
> 
> On Jun 13, 2008, at 4:56 PM, Jonas Sicking wrote:
> 
>>
>> Hi All,
>>
>> Since I haven't received any feedback on the various straw-men in the 
>> "Opting in to cookies" thread, I'll send a full proposal (wrote most 
>> of this yesterday, Thomas wrote some opinions on cookies this morning).
>>
>> First off, as before, when I talk about "cookies" in this mail I really
>> mean cookies + digest auth headers + any other headers that carry the
>> users credentials to a site. However i'll just use the term "cookies"
>> for readability, and since that is on the web currently the most
>> common carrier of credentials.
>>
>> So here goes:
>>
>> When loading a resource using access-control associate the request with
>> a "with credentials" flag.
>>
>> When the resource is loaded using an URI which starts with the string
>> "user-private:" set the "with credentials" flag to true. Otherwise set
>> it to false.
> 
> How could an http or https URI start with the string "user-private:"? 
> Are you proposing a new URI scheme?

My proposal is for nesting schemes, so you'd load 
user-private:http://example.com/address.php

/ Jonas
Received on Saturday, 14 June 2008 00:23:55 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:25 GMT