W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR and sandboxed iframes

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 17 Jun 2009 22:55:34 +0200
To: "Mark S. Miller" <erights@google.com>
Cc: "Tyler Close" <tyler.close@gmail.com>, "Adam Barth" <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-ID: <op.uvosewml64w2qv@anne-van-kesterens-macbook.local>
On Wed, 17 Jun 2009 22:43:07 +0200, Mark S. Miller <erights@google.com>  
wrote:
> Doh! Momentary confusion on my part. Thanks for catching this.

FWIW, by default cross-origin XMLHttpRequest will not include cookies or  
HTTP authentication data. The withCredentials flag would have to be set  
for this and the requested resource would have to specify the  
Access-Control-Allow-Credentials header in the response in addition to the  
Access-Control-Allow-Origin header.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 17 June 2009 20:56:26 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT