W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2008

Re: [access-control] Update

From: Maciej Stachowiak <mjs@apple.com>
Date: Tue, 8 Jul 2008 19:53:40 -0700
Cc: WebApps WG <public-webapps@w3.org>
Message-Id: <41136A41-14F8-4241-912C-C90DE23E1332@apple.com>
To: Anne van Kesteren <annevk@opera.com>

Hi Anne,

Great changes. One comment:

On Jul 8, 2008, at 12:31 PM, Anne van Kesteren wrote:

> * Access-Control-Credentials provides an opt in mechanism for  
> credentials. Whether or not credentials are included in the request  
> depends on the "credentials flag", which is set by a hosting  
> specification. Preflight requests are always without credentials.

This does not match my understanding of what we agreed to at the face- 
to-face meeting, which was that cookies would be auto-negotiated for  
GET request by default for XHR2. Neither setting of the credentials  
flag matches this. We need to either replace the true value with  
negotiate mode, or make the flag a tri-state of true/false/negotiate,  
with XHR2 defaulting to negotiate.

Regards,
Maciej
Received on Wednesday, 9 July 2008 02:54:22 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:27 GMT