W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2010

[cors] Cookies / Referer

From: Anne van Kesteren <annevk@opera.com>
Date: Fri, 27 Aug 2010 13:51:40 +0200
To: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.vh3hweqm64w2qv@anne-van-kesterens-macbook-pro.local>
I updated CORS to use the newly introduced "block cookies flag" of the  
HTML5 fetch algorithm. This prevents a response to set cookies. This is  
always used for preflight requests and used for all other requests when  
the credentials flag is false.

In addition the Referer header is excluded for any request when the source  
origin is a globally unique identifier. (As is the case when e.g.  
AnonXMLHttpRequest is used.


I think this is all correct now. Let me know if I missed something:

http://dev.w3.org/2006/waf/access-control/


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Friday, 27 August 2010 11:52:14 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:40 GMT