- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 23 Nov 2007 11:40:58 +0100
- To: "Bjoern Hoehrmann" <derhoermi@gmx.net>, public-webapi@w3.org
On Thu, 22 Nov 2007 19:33:27 +0100, Bjoern Hoehrmann <derhoermi@gmx.net> wrote: > It seems the current draft does not discuss HttpOnly cookies and other > headers that implementations may not want to expose. Can we have a Se- > curity Considerations section that clarifies that implementations may, > at their discretion, not expose certain headers, perhaps giving Http- > Only cookies as an example where that may be desired? I would expect any > future HttpOnly cookie specification to discuss its relationship with > XmlHTTPRequest in more detail, so I don't think we should include more > of it than citing it as example. I added this: http://dev.w3.org/2006/webapi/XMLHttpRequest/#security -- Anne van Kesteren <http://annevankesteren.nl/> <http://www.opera.com/>
Received on Friday, 23 November 2007 10:41:05 UTC