W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2008

Re: [AC] Defining cookieless requests

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 03 Oct 2008 09:55:52 -0700
Message-ID: <48E64E98.4070908@sicking.cc>
To: Anne van Kesteren <annevk@opera.com>
CC: Webapps WG <public-webapps@w3.org>

Anne van Kesteren wrote:
> On Thu, 02 Oct 2008 01:24:34 +0200, Jonas Sicking <jonas@sicking.cc> wrote:
>> I think it would be good if we more explicitly could define the two, 
>> with cookies vs. without cookies, security modes for Access-Control.
>>
>> Right now the spec talks about the with-credentials flag either being 
>> true or false, however it doesn't really receive as much attention as 
>> for example simple vs. preflighted requests.
> 
> That's because simple vs. preflight requests affect a lot of things. 
> Whether or not cookies are included doesn't really.

It changes enormously much security wise. More so than simple vs. 
preflighted.

/ Jonas
Received on Friday, 3 October 2008 16:58:41 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:28 GMT