Re: Opting in to cookies - proposal

* Jonas Sicking wrote:
>I'm not quite following what you are asking here. My proposal is about 
>giving a site the ability to enable two "modes" of Access-Control:
>1. Allow a third-party site to read the data on this resource, and/or
>    perform unsafe methods in HTTP requests to this resource. When
>    these requests are sent any cookie and/or auth headers (for the
>    resource) are included in the request, just as if had been a
>    same-site XHR request.
>2. Same as above, but requests never include cookies or auth headers
>    are never included.
>In the spec currently only mode 1 is possible. I suggest that we make 
>mode 2 possible as well. I guess you can call it "opting out of cookies" 
>as well...

I am proposing that there be only a single mode unless it can clearly
be demonstrated that having two modes would be a substantial net gain.
As far as I am aware, this has not been established for a with-cookie
mode if the no-cookie mode is the default, and my questions focus on
learning more about the with-cookie mode.
Björn Höhrmann · ·
Weinh. Str. 22 · Telefon: +49(0)621/4309674 ·
68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · 

Received on Monday, 23 June 2008 19:57:49 UTC