Re: [whatwg/fetch] Allow setting `cookie` header in credential-less CORS requests (#268) from Jonas Sicking on 2016-04-04 (public-webapps-github@w3.org from April 2016)

From: Jonas Sicking <notifications@github.com>
Date: Mon, 04 Apr 2016 02:30:55 -0700
To: whatwg/fetch <fetch@noreply.github.com>
Message-ID: <whatwg/fetch/issues/268/205212186@github.com>

Note that i'm only talking about requests whose "credentials mode" is "omit" or "same-origin". For these requests neither `cookie` nor `authorization` headers are added by the network layer when the request is going cross-site.

For same-site requests we would indeed need to define how reconcile headers set through API with headers coming from the network.

And yeah, we should probably also look at exposing cookies in the response. Or at least enable websites to make to make additional requests using such cookies.

---
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/268#issuecomment-205212186

Received on Monday, 4 April 2016 09:31:22 UTC