W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

[cors] Failed sharing check and cookies

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 11 Oct 2011 12:53:35 +0900
To: "WebApps WG" <public-webapps@w3.org>
Message-ID: <op.v2543luw64w2qv@annevk-macbookpro.local>
Currently if a resource sharing check fails cookies will still be set for  
a credentialed request similarly to how they would be with <form> or  
<img>. However, it seems that HTML defines for <img crossorigin> that the  
UA must act as if there was no response at all. That does not work of  
course for the normal <img> case where the server could still opt in to  
sharing, but would work for XMLHttpRequest.

I think I will try to adopt that stricter behavior. Please speak up if you  
disagree.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Tuesday, 11 October 2011 03:54:14 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:48 GMT