- From: Jonas Sicking <jonas@sicking.cc>
- Date: Tue, 11 Aug 2009 21:55:50 -0700
- To: David Levin <levin@chromium.org>
- Cc: public-webapps@w3.org, Anne van Kesteren <annevk@opera.com>
Indeed, otherwise there's a risk that existing cookies for the site will be overwritten.

/ Jonas

On Tue, Aug 11, 2009 at 8:41 PM, David Levin<levin@chromium.org> wrote:
> It appears that both Safari and Firefox ignore returned cookies from a cross
> origin xhr when the credentials flag is set to false. This behavior seems
> very reasonable.
> Should the XMLHttpRequest level 2 spec indicate that this is the expected
> behavior?
> Dave
>
> On Thu, Jul 30, 2009 at 11:46 AM, David Levin <levin@chromium.org> wrote:
>>
>> In http://www.w3.org/TR/XMLHttpRequest2/#credentials, it
>> says: "The credentials flag ...indicates whether a non same origin request
>> includes cookie and HTTP authentication data...during the send() algorithm."
>>
>> If withCredentials is false, it seems like the cookies returned from the
>> request shouldn't be stored either, but I couldn't find mention of this.
>> (Why should the cookies returned from this be stored and possibly interfere
>> with same origin requests, especially if the cookies aren't being sent?)
>> Is this true?
>> thanks, dave
Received on Wednesday, 12 August 2009 04:56:50 UTC
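
The behaviour discussed in this thread, as an added example that is not part of the original messages or of any browser's code: a simplified JavaScript model of a user agent's cookie jar in which cookies returned by a cross-origin XHR are ignored when the credentials flag is false. The names CookieJar, parseSetCookie, handleXhrResponse and demo, and the example origins, are assumptions made for illustration; cookie attributes and third-party cookie policy are not modelled.

```javascript
// Toy model of a user agent's cookie jar; all names and origins are constructed.
class CookieJar {
  constructor() { this.byOrigin = new Map(); }
  set(origin, name, value) {
    if (!this.byOrigin.has(origin)) this.byOrigin.set(origin, new Map());
    this.byOrigin.get(origin).set(name, value);
  }
  get(origin, name) {
    const cookies = this.byOrigin.get(origin);
    return cookies ? cookies.get(name) : undefined;
  }
}

// Extract only name=value from a Set-Cookie header; attributes are ignored in this model.
function parseSetCookie(header) {
  const pair = header.split(";")[0];
  const eq = pair.indexOf("=");
  const name = eq < 0 ? "" : pair.slice(0, eq).trim();
  return name ? { name, value: pair.slice(eq + 1).trim() } : null;
}

// Apply a response's Set-Cookie headers; returns how many cookies were stored.
function handleXhrResponse(jar, req) {
  const crossOrigin = req.pageOrigin !== req.targetOrigin;
  // Cross-origin and credentials flag false: returned cookies are ignored.
  if (crossOrigin && !req.withCredentials) return 0;
  let stored = 0;
  for (const header of req.setCookieHeaders) {
    const cookie = parseSetCookie(header);
    if (!cookie) continue;
    jar.set(req.targetOrigin, cookie.name, cookie.value);
    stored++;
  }
  return stored;
}

// Constructed scenario: an existing session cookie must survive an uncredentialed request.
function demo() {
  const jar = new CookieJar();
  jar.set("https://api.example", "session", "logged-in-user");
  const base = { pageOrigin: "https://app.example", targetOrigin: "https://api.example",
                 setCookieHeaders: ["session=anonymous; Path=/"] };
  const ignored = handleXhrResponse(jar, { ...base, withCredentials: false });
  const afterUncredentialed = jar.get("https://api.example", "session");
  const stored = handleXhrResponse(jar, { ...base, withCredentials: true });
  const afterCredentialed = jar.get("https://api.example", "session");
  return { ignored, afterUncredentialed, stored, afterCredentialed };
}

console.log(demo());
```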