
Re: Opting in to cookies - proposal

From: Bjoern Hoehrmann <derhoermi@gmx.net>
Date: Mon, 23 Jun 2008 21:57:11 +0200
To: Jonas Sicking <jonas@sicking.cc>
Cc: Web Applications Working Group WG <public-webapps@w3.org>
Message-ID: <pfvv54h19fplmr1ihv283emml2c6ustt6k@hive.bjoern.hoehrmann.de>

* Jonas Sicking wrote:
>I'm not quite following what you are asking here. My proposal is about 
>giving a site the ability to enable two "modes" of Access-Control:
>
>1. Allow a third-party site to read the data on this resource, and/or
>    perform unsafe methods in HTTP requests to this resource. When
>    these requests are sent any cookie and/or auth headers (for the
>    resource) are included in the request, just as if it had been a
>    same-site XHR request.
>2. Same as above, but requests never include cookies or auth headers.
>
>In the spec currently only mode 1 is possible. I suggest that we make 
>mode 2 possible as well. I guess you can call it "opting out of cookies" 
>as well...

I am proposing that there be only a single mode unless it can clearly
be demonstrated that having two modes would be a substantial net gain.
As far as I am aware, this has not been established for a with-cookie
mode if the no-cookie mode is the default, and my questions focus on
learning more about the with-cookie mode.
-- 
Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de
Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/ 
Received on Monday, 23 June 2008 19:57:49 GMT
