> > Is there no way to make the unique origin sandboxed iframe cookieless? I
> > suppose, if not, the containing page could create a fresh unique origin
> > sandboxed iframe per request, but seems rather heavy. Would that
> > successfully render the resulting network messages cookieless?
>
> Cookies (and HTTP authentication) in a request do not depend on the source
> but on the destination. So XMLHttpRequest would have to be explicitly told
> not to include them for one reason or another.
>
Doh! Momentary confusion on my part. Thanks for catching this.
--
Cheers,
--MarkM