- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 13 Jun 2008 17:20:10 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- CC: Web Applications Working Group WG <public-webapps@w3.org>
Maciej Stachowiak wrote: > > > On Jun 13, 2008, at 4:56 PM, Jonas Sicking wrote: > >> >> Hi All, >> >> Since I haven't received any feedback on the various straw-men in the >> "Opting in to cookies" thread, I'll send a full proposal (wrote most >> of this yesterday, Thomas wrote some opinions on cookies this morning). >> >> First off, as before, when I talk about "cookies" in this mail I really >> mean cookies + digest auth headers + any other headers that carry the >> users credentials to a site. However i'll just use the term "cookies" >> for readability, and since that is on the web currently the most >> common carrier of credentials. >> >> So here goes: >> >> When loading a resource using access-control associate the request with >> a "with credentials" flag. >> >> When the resource is loaded using an URI which starts with the string >> "user-private:" set the "with credentials" flag to true. Otherwise set >> it to false. > > How could an http or https URI start with the string "user-private:"? > Are you proposing a new URI scheme? My proposal is for nesting schemes, so you'd load user-private:http://example.com/address.php / Jonas
Received on Saturday, 14 June 2008 00:23:55 UTC