- From: Jonas Sicking <notifications@github.com>
- Date: Mon, 04 Apr 2016 20:43:47 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
Received on Tuesday, 5 April 2016 03:44:19 UTC
@mikewest note that i'm only talking about requests whose "credentials mode" is "omit" or "same-origin". For these requests neither cookie nor authorization headers are added by the network layer when the request is going cross-site, and if cookie headers are received in the response they are ignored by the client. So I don't think this would enable session-pinning. The use case is the one that Tim is worrying about over in w3ctag/spec-reviews#76, best I can tell. --- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/268#issuecomment-205628659
Received on Tuesday, 5 April 2016 03:44:19 UTC