Re: [access-control] Update

Hi Anne,

Great changes. One comment:

On Jul 8, 2008, at 12:31 PM, Anne van Kesteren wrote:

> * Access-Control-Credentials provides an opt in mechanism for  
> credentials. Whether or not credentials are included in the request  
> depends on the "credentials flag", which is set by a hosting  
> specification. Preflight requests are always without credentials.

This does not match my understanding of what we agreed to at the face- 
to-face meeting, which was that cookies would be auto-negotiated for  
GET request by default for XHR2. Neither setting of the credentials  
flag matches this. We need to either replace the true value with  
negotiate mode, or make the flag a tri-state of true/false/negotiate,  
with XHR2 defaulting to negotiate.

Regards,
Maciej

Received on Wednesday, 9 July 2008 02:54:22 UTC