- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Mon, 23 Jun 2008 21:57:11 +0200
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: Web Applications Working Group WG <public-webapps@w3.org>
* Jonas Sicking wrote: >I'm not quite following what you are asking here. My proposal is about >giving a site the ability to enable two "modes" of Access-Control: > >1. Allow a third-party site to read the data on this resource, and/or > perform unsafe methods in HTTP requests to this resource. When > these requests are sent any cookie and/or auth headers (for the > resource) are included in the request, just as if had been a > same-site XHR request. >2. Same as above, but requests never include cookies or auth headers > are never included. > >In the spec currently only mode 1 is possible. I suggest that we make >mode 2 possible as well. I guess you can call it "opting out of cookies" >as well... I am proposing that there be only a single mode unless it can clearly be demonstrated that having two modes would be a substantial net gain. As far as I am aware, this has not been established for a with-cookie mode if the no-cookie mode is the default, and my questions focus on learning more about the with-cookie mode. -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de Weinh. Str. 22 · Telefon: +49(0)621/4309674 · http://www.bjoernsworld.de 68309 Mannheim · PGP Pub. KeyID: 0xA4357E78 · http://www.websitedev.de/
Received on Monday, 23 June 2008 19:57:49 UTC