- From: Arthur Barstow <art.barstow@nokia.com>
- Date: Mon, 6 Oct 2008 15:17:08 -0400
- To: ext Jonas Sicking <jonas@sicking.cc>, Anne van Kesteren <annevk@opera.com>
- Cc: Webapps WG <public-webapps@w3.org>
Jonas, On Oct 3, 2008, at 12:55 PM, ext Jonas Sicking wrote: > > Anne van Kesteren wrote: >> On Thu, 02 Oct 2008 01:24:34 +0200, Jonas Sicking >> <jonas@sicking.cc> wrote: >>> I think it would be good if we more explicitly could define the >>> two, with cookies vs. without cookies, security modes for Access- >>> Control. >>> >>> Right now the spec talks about the with-credentials flag either >>> being true or false, however it doesn't really receive as much >>> attention as for example simple vs. preflighted requests. >> That's because simple vs. preflight requests affect a lot of >> things. Whether or not cookies are included doesn't really. > > It changes enormously much security wise. More so than simple vs. > preflighted. Do have some specific text to propose? Perhaps some of the rationale in your original e-mail in this thread [1] could be leveraged. -Regards, Art Barstow [1] <<http://www.w3.org/mid/48E406B2.4050104@sicking.cc> > > / Jonas >
Received on Monday, 6 October 2008 19:18:25 UTC