W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2009

Re: [XMLHttpRequest] withCredentials=false and returned cookies

From: Anne van Kesteren <annevk@opera.com>
Date: Wed, 12 Aug 2009 13:50:14 +0200
To: "David Levin" <levin@chromium.org>, public-webapps@w3.org
Message-ID: <op.uyjsh0dv64w2qv@annevk-t60>
On Wed, 12 Aug 2009 05:41:57 +0200, David Levin <levin@chromium.org> wrote:
> It appears that both Safari and Firefox ignore returned cookies from a  
> cross origin xhr when the credentials flag is set to false.  This behavior  
> seems very reasonable.
> Should the XMLHttpRequest level 2 spec indicate that this is the expected
> behavior?
> Dave

The editor's draft now states that cookies can only be set when the credentials flag is true.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Wednesday, 12 August 2009 11:50:57 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:33 GMT