W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR and sandboxed iframes (was: Re: XHR without user credentials)

From: Mark S. Miller <erights@google.com>
Date: Wed, 17 Jun 2009 13:43:07 -0700
Message-ID: <4d2fac900906171343h783c5602id05d69a8be149700@mail.gmail.com>
To: Anne van Kesteren <annevk@opera.com>
Cc: Tyler Close <tyler.close@gmail.com>, Adam Barth <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
> > Is there no way to make the unique origin sandboxed iframe cookieless? I
> > suppose, if not, the containing page could create a fresh unique origin
> > sandboxed iframe per request, but seems rather heavy. Would that
> > successfully render the resulting network messages cookieless?
> Cookies (and HTTP authentication) in a request do not depend on the source
> but on the destination. So XMLHttpRequest would have to be explicitly told
> not to include them for one reason or another.

Doh! Momentary confusion on my part. Thanks for catching this.

Received on Wednesday, 17 June 2009 20:43:45 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:12:54 UTC