Anne van Kesteren wrote: > On Thu, 02 Oct 2008 01:24:34 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> I think it would be good if we more explicitly could define the two, >> with cookies vs. without cookies, security modes for Access-Control. >> >> Right now the spec talks about the with-credentials flag either being >> true or false, however it doesn't really receive as much attention as >> for example simple vs. preflighted requests. > > That's because simple vs. preflight requests affect a lot of things. > Whether or not cookies are included doesn't really. It changes enormously much security wise. More so than simple vs. preflighted. / JonasReceived on Friday, 3 October 2008 16:58:41 GMT
This archive was generated by hypermail 2.2.0+W3C-0.50 : Monday, 7 December 2009 10:43:01 GMT