- From: David Levin <levin@chromium.org>
- Date: Thu, 30 Jul 2009 11:46:55 -0700
- To: public-webapps@w3.org
Received on Thursday, 30 July 2009 18:47:39 UTC
In http://www.w3.org/TR/XMLHttpRequest2/#credentials, it says: "The credentials flag ...indicates whether a non same origin request includes cookie and HTTP authentication data...during the send() algorithm." If withCredentials is false, it seems like the cookies returned from the request shouldn't be stored either, but I couldn't find mention of this. (Why should the cookies returned from this be stored and possibly interfere with same origin requests, especially if the cookies aren't being sent?) Is this true? thanks, dave
Received on Thursday, 30 July 2009 18:47:39 UTC