- From: Anne van Kesteren <notifications@github.com>
- Date: Fri, 12 Feb 2016 01:20:40 -0800
- To: w3ctag/spec-reviews <spec-reviews@noreply.github.com>
Received on Friday, 12 February 2016 09:21:17 UTC
1. Client certificates are part of "credentials mode". 2. CORS has had "credentials mode" in one way or another from the start. (Unless we're talking about drafts before things got implemented and shipped.) I think what's closest to what @timbl is looking for is mode "cors" and credentials mode "omit". Never include any kind of client state and just let the server answer or not. The moment you want to include ambient authority it gets more complicated and the function can no longer be seen as just a URL. --- Reply to this email directly or view it on GitHub: https://github.com/w3ctag/spec-reviews/issues/76#issuecomment-183246860
Received on Friday, 12 February 2016 09:21:17 UTC