Re: [XHR] anonymous flag

On Mon, May 13, 2013 at 10:57 AM, Hallvord Reiar Michaelsen Steen
<hallvord@opera.com> wrote:
> Does anyone have real, non-contrived use cases for the anonymous flag?

The basic idea was preventing confused deputy attacks by not exposing
any information that could be used as such. So no credentials and no
data about where the request originated from, forcing the architecture
to be token-based effectively. I still think that makes some amount of
sense, but if nobody is keen on implementing that we should indeed
just drop it. Not sending credentials ever, however, still seems like
something worth preserving (Fetch has a credentials mode for this as
well).


--
http://annevankesteren.nl/

Received on Monday, 13 May 2013 21:28:33 UTC
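
The following is an added example, not part of the original message or of any specification text. It models the difference the message describes between a check that relies on ambient credentials and a token-based check reached by a request that carries no credentials and no referrer. The session value, token, paths, hosts and helper names are all constructed for illustration, and `wireRequest` is a simplified model of browser behaviour, not a browser API.

```javascript
// Added example: all names, tokens and session values below are constructed.
const SESSIONS = new Map([["sid=alice-session", "alice"]]);
const OWNERS = new Map([["/reports/7", "alice"]]);
const TOKENS = new Map([["tok-report-7", "/reports/7"]]);

// Fetch-style options approximating the anonymous flag: no ambient
// credentials, no referrer; authority travels only in an explicit token.
function anonymousInit(token) {
  return {
    credentials: "omit",
    referrerPolicy: "no-referrer",
    headers: { Authorization: `Bearer ${token}` },
  };
}

// Simplified model of what a browser puts on the wire for given options.
function wireRequest(path, init, cookieJar, referrer) {
  const headers = {};
  for (const [k, v] of Object.entries(init.headers || {})) headers[k.toLowerCase()] = v;
  if (init.credentials !== "omit" && cookieJar) headers.cookie = cookieJar;
  if (init.referrerPolicy !== "no-referrer" && referrer) headers.referer = referrer;
  return { path, headers };
}

// Ambient-authority check: trusts whichever cookie the browser attached,
// so it cannot tell the user's own request from one a third-party page caused.
function authorizeAmbient(req) {
  const user = SESSIONS.get(req.headers.cookie);
  return user !== undefined && OWNERS.get(req.path) === user;
}

// Token-based check: ignores Cookie and Referer; only a token naming
// this exact resource grants access.
function authorizeToken(req) {
  const m = /^Bearer (\S+)$/.exec(req.headers.authorization || "");
  return m !== null && TOKENS.get(m[1]) === req.path;
}

// Request caused by a third-party page, sent with the user's cookies.
const deputy = wireRequest("/reports/7", { credentials: "include" },
  "sid=alice-session", "https://third-party.example/");
// Request made anonymously by a caller that was handed the token.
const anon = wireRequest("/reports/7", anonymousInit("tok-report-7"),
  "sid=alice-session", "https://app.example/");

console.log(authorizeAmbient(deputy), authorizeToken(deputy));
console.log(authorizeToken(anon), anon.headers);
```

The cookie-bearing request passes the ambient check even though a third-party page caused it, while the token check accepts only the request that explicitly presents a token for that resource.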