- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 03 Oct 2008 09:55:52 -0700
- To: Anne van Kesteren <annevk@opera.com>
- CC: Webapps WG <public-webapps@w3.org>
Anne van Kesteren wrote: > On Thu, 02 Oct 2008 01:24:34 +0200, Jonas Sicking <jonas@sicking.cc> wrote: >> I think it would be good if we more explicitly could define the two, >> with cookies vs. without cookies, security modes for Access-Control. >> >> Right now the spec talks about the with-credentials flag either being >> true or false, however it doesn't really receive as much attention as >> for example simple vs. preflighted requests. > > That's because simple vs. preflight requests affect a lot of things. > Whether or not cookies are included doesn't really. It changes enormously much security wise. More so than simple vs. preflighted. / Jonas
Received on Friday, 3 October 2008 16:58:41 UTC