- From: L. David Baron <notifications@github.com>
- Date: Wed, 31 Oct 2018 06:59:04 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 31 October 2018 13:59:25 UTC
So it seems like this turns something that currently requires sites to actively track (i.e., set a cookie) into something that can now be done passively, since it at least *looks* like this is proposing that the HTTP state token be sent whether or not the site requests it. Though maybe that's not the intent, and the idea is that it would only be sent after `Sec-HTTP-State-Options` has been received? (But if that's the case, how will the first request be connected to the rest.) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/297#issuecomment-434697190
Received on Wednesday, 31 October 2018 13:59:25 UTC