- From: Maciej Stachowiak <mjs@apple.com>
- Date: Tue, 8 Jul 2008 19:53:40 -0700
- To: Anne van Kesteren <annevk@opera.com>
- Cc: WebApps WG <public-webapps@w3.org>
Hi Anne, Great changes. One comment: On Jul 8, 2008, at 12:31 PM, Anne van Kesteren wrote: > * Access-Control-Credentials provides an opt in mechanism for > credentials. Whether or not credentials are included in the request > depends on the "credentials flag", which is set by a hosting > specification. Preflight requests are always without credentials. This does not match my understanding of what we agreed to at the face- to-face meeting, which was that cookies would be auto-negotiated for GET request by default for XHR2. Neither setting of the credentials flag matches this. We need to either replace the true value with negotiate mode, or make the flag a tri-state of true/false/negotiate, with XHR2 defaulting to negotiate. Regards, Maciej
Received on Wednesday, 9 July 2008 02:54:22 UTC