W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 8 Jul 2008 19:53:40 -0700
Cc: WebApps WG <public-webapps@w3.org>
Message-Id: <41136A41-14F8-4241-912C-C90DE23E1332@apple.com>
To: Anne van Kesteren <annevk@opera.com>

Hi Anne,

Great changes. One comment:

On Jul 8, 2008, at 12:31 PM, Anne van Kesteren wrote:

> * Access-Control-Credentials provides an opt in mechanism for  
> credentials. Whether or not credentials are included in the request  
> depends on the "credentials flag", which is set by a hosting  
> specification. Preflight requests are always without credentials.

This does not match my understanding of what we agreed to at the face- 
to-face meeting, which was that cookies would be auto-negotiated for  
GET request by default for XHR2. Neither setting of the credentials  
flag matches this. We need to either replace the true value with  
negotiate mode, or make the flag a tri-state of true/false/negotiate,  
with XHR2 defaulting to negotiate.

Received on Wednesday, 9 July 2008 02:54:22 UTC

This archive was generated by hypermail 2.3.1 : Friday, 27 October 2017 07:26:11 UTC