- From: vanupam <notifications@github.com>
- Date: Tue, 21 Mar 2017 14:26:04 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/325/review/28242688@github.com>
vanupam commented on this pull request. > +e.g., bind credentials that it issues to the user agent. + +<p>A <a for=/>request</a> has an associated +<dfn export for=request id=concept-request-use-referred-token-binding>use-referred-token-binding flag</dfn>. +Unless stated otherwise, it is unset. + +<p class="note no-backref"><a for=request>Request</a>'s +<a for=request>use-referred-token-binding flag</a> controls whether the user agent will send the +<a for=/>token binding ID</a> used by the user agent for an alternate <a for=request>origin</a>, +in addition to the <a for=/>token binding ID</a> used by the user agent for the +<a for=request>origin</a> of the <a for=/>request</a>'s url, when it transmits the +<a for=/>request</a> to the server. This is used, e.g., by a relying party to indicate +(via the user agent) to the server receiving the <a for=/>request</a> that it wants the +credential issued by the server to be bound to the <a for=/>token binding ID</a> for the +relying party's <a for=request>origin</a> +(instead of the <a for=/>request</a>'s <a for=request>origin</a>). Actually, in this case the request goes to ServerA at the behest of ServerB, and ServerA binds the token for use with ServerB. (Normally, ServerA would only bind the token for use with ServerA) I updated the note. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#discussion_r107279703
Received on Tuesday, 21 March 2017 21:26:35 UTC