W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2008

Re: Opting in to cookies - proposal version 3

From: Anne van Kesteren <annevk@opera.com>
Date: Thu, 19 Jun 2008 12:24:00 +0200
To: "Ian Hickson" <ian@hixie.ch>, "Jonas Sicking" <jonas@sicking.cc>
Cc: "Web Applications Working Group WG" <public-webapps@w3.org>
Message-ID: <op.uczq6avq64w2qv@annevk-t60.oslo.opera.com>

On Thu, 19 Jun 2008 11:42:57 +0200, Ian Hickson <ian@hixie.ch> wrote:
> On Thu, 19 Jun 2008, Jonas Sicking wrote:
>>> This has one side-effect, which is that it doesn't work well with XBL
>>> or VBWG in environments where the XBL file (or VXML file) is
>>> customised to the user but accessed cross-site. Is that ok?
>> It doesn't "work well" in the sense that they don't work out-of-the-box.
>> It would be trivial to add a load-private-data pseudo attribute to the
>> <?xbl?> PI that sets the "with credentials" flag to true.
>> However I can't think of a situation where someone wants to load private
>> XBL bindings so I'm totally ok with it being a bit more hassle. It might
>> be a bigger deal for VXML, I don't know since I've not looked at that
>> spec.
> Sounds fair to me. I'll add the attribute to XBL2 when it goes back to LC
> once implementations start, assuming we adopt this.

Ian, it seemed to me you were talking about the server side problem  
because <?access-control?> alone would not be enough. XBL being served  
would need to be served with the appropriate HTTP headers set. (Also, not  
just <?xbl?> would need to be changed but also the other APIs for  
attaching XBL would require changing I presume.)

Anne van Kesteren
Received on Thursday, 19 June 2008 10:23:57 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:10 UTC