- From: Anne van Kesteren <notifications@github.com>
- Date: Thu, 11 May 2017 21:13:32 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/pull/325/review/37750602@github.com>
annevk commented on this pull request. > @@ -966,6 +992,41 @@ for other values. If <cite>HTML</cite> changes here, this standard will need cor Unless stated otherwise, it is unset. <p>A <a for=/>request</a> has an associated +<dfn export for=request id=concept-request-use-token-binding>use-token-binding flag</dfn>. +Unless stated otherwise, it is unset. + +<p class="note no-backref"><a for=/>Request</a>'s <a for=request>use-token-binding flag</a> +controls whether the user agent will send the <a for=/>token binding ID</a> for the +<a for=request>origin</a> of the <a for=/>request</a>'s url when it transmits the +<a for=/>request</a> to the server. The <a for=/>token binding ID</a> can be used by the server to, +e.g., bind HTTP cookies or OAuth tokens that it issues to the user agent. + +<p>A <a for=/>request</a> has an associated +<dfn export for=request id=concept-request-use-referred-token-binding>use-referred-token-binding flag</dfn>. We're not going to change XMLHttpRequest. But apart from that what the API can do doesn't have to be a direct mapping to how we expose things on a request. APIs can always only a do a subset of what you can expose through request so combining these fields for clarity seems reasonable. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/325#discussion_r116150159
Received on Friday, 12 May 2017 04:14:07 UTC