- From: Ben Kelly <notifications@github.com>
- Date: Fri, 04 Dec 2015 06:55:25 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Friday, 4 December 2015 14:55:52 UTC
Yea, I think my suggestion had the same logic bug. (In gecko our flag is reversed... LOAD_ANONYMOUS means to exclude credentials. It confuses me, sorry.) What we want to do for same-origin credentials is only send credentials when we have never been cross-origin for either the cors or no-cors case. In the cors mode case we can look at CORS flag, but for no-cors we use opaque tainting to indicate "ever cross-origin". I think the current text is wrong, both for the origin reason I stated and also the one you point out about the CORS flag being unset for no-cors. --- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/169#issuecomment-161985925
Received on Friday, 4 December 2015 14:55:52 UTC