Re: Update to Access Control for Cross-site Requests

On Mon, 7 Apr 2008, Jonas Sicking wrote:
> 
> I do not think we are ready to go into Last Call. There is a major 
> outstanding issue, which is if cookies and auth headers should be 
> included. Implementation wise this is easy to change, but it 
> significantly changes the semantics of the spec, so I think it's an 
> issue we need to find a resolution for first.

What's the issue, in more detail than "should we include cookies"?

If we can establish the problem we're trying to solve, and the various 
constraints we're under, maybe we can find a better solution. At the 
moment, I'm not really clear on what it is we want to solve that sending 
cookies doesn't solve.

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'

Received on Monday, 7 April 2008 23:55:29 UTC