W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Accessing cookies from workers

From: Jonas Sicking <jonas@sicking.cc>
Date: Thu, 5 Mar 2009 17:35:19 -0800
Message-ID: <63df84f0903051735j4e3c7bc7he8daeb52cb8cd6ae@mail.gmail.com>
On Thu, Mar 5, 2009 at 5:33 PM, Michael Nordman <michaeln at google.com> wrote:
> On Thu, Mar 5, 2009 at 5:23 PM, Michael Nordman <michaeln at google.com> wrote:
>>> Allowing cookie to be set would unfortunately create a synchronous
>>> communication channel between the worker and the main window. This is
>>> something that we need to avoid to prevent users from having to deal
>>> with locking and other thread related issues.
>>
>> Hmmm... the cookie setting API could be async in workers.
>
> In the absence of providing such an API, one exists (provided network
> connectivity) indirectly in the form the XHR... ask the server to
> either read or set cookies values for you.

Gecko, and I believe the latest XHR spec drafts, have disabled access
to cookies through XHR in order to prevent leaking of HTTPOnly
cookies.

/ Jonas
Received on Thursday, 5 March 2009 17:35:19 GMT

This archive was generated by hypermail 2.2.0+W3C-0.50 : Wednesday, 30 January 2013 18:47:49 GMT