- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 09 Jul 2008 13:27:30 -0700
- To: Maciej Stachowiak <mjs@apple.com>
- CC: Anne van Kesteren <annevk@opera.com>, WebApps WG <public-webapps@w3.org>
Maciej Stachowiak wrote: > > Hi Anne, > > Great changes. One comment: > > On Jul 8, 2008, at 12:31 PM, Anne van Kesteren wrote: > >> * Access-Control-Credentials provides an opt in mechanism for >> credentials. Whether or not credentials are included in the request >> depends on the "credentials flag", which is set by a hosting >> specification. Preflight requests are always without credentials. > > This does not match my understanding of what we agreed to at the > face-to-face meeting, which was that cookies would be auto-negotiated > for GET request by default for XHR2. Neither setting of the credentials > flag matches this. We need to either replace the true value with > negotiate mode, or make the flag a tri-state of true/false/negotiate, > with XHR2 defaulting to negotiate. Actually, that was not my recollection of what we agreed on. Using the "double GET" proposal is incompatible with preflight-less POST, which meant that we couldn't get IE compat. So given a commitment from microsoft to use the AC syntax, we said that that tipped the advantage enough in favor of the "api flag" proposal. At least that was my understanding. / Jonas
Received on Wednesday, 9 July 2008 20:28:35 UTC