- From: Mike West <notifications@github.com>
- Date: Thu, 20 Apr 2017 01:42:12 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 20 April 2017 08:42:44 UTC
Sorry I missed @sleevi's ping earlier. I'm willing to believe that we're making the wrong tradeoff here, and I think there's some justification to considering the implicit correlation of socket connections outside the scope of "credentials" explicitly sent along with requests. There's a bit of a grey area here, since we consider connection-level concepts things like channel ID, token binding, TLS session information, etc. to be fairly explicit cookie-like things, but it's possible we're erring too far on the side of caution. @battre and @msramek from Chrome's privacy team might have more informed opinions. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/341#issuecomment-295636706
Received on Thursday, 20 April 2017 08:42:44 UTC