Re: [cors] Allow-Credentials vs Allow-Origin: * on image elements? from Simon Pieters on 2010-07-08 (public-webapps@w3.org from July to September 2010)

From: Simon Pieters <simonp@opera.com>
Date: Thu, 08 Jul 2010 09:49:26 +0200
To: "Charlie Reis" <creis@chromium.org>, "Devdatta Akhawe" <dev.akhawe@gmail.com>
Cc: "Mark S. Miller" <erights@google.com>, "Anne van Kesteren" <annevk@opera.com>, public-webapps@w3.org
Message-ID: <op.vfilcooiidj3kv@dhcp-190.linkoping.osa>

On Thu, 08 Jul 2010 03:44:03 +0200, Devdatta Akhawe <dev.akhawe@gmail.com>  
wrote:

>> It's not just implementation effort-- as I mentioned, it's potentially a
>> compatibility question.  If you are proposing not sending cookies on any
>> cross-origin images (or other potential candidates for CORS), do you  
>> have
>> any data about which sites that might affect?
>
> Its not clear to me on how it would affect sites. It would be like the
> user cleared his cache and made a request.

For instance, a bank site might force the user to log in again.

-- 
Simon Pieters
Opera Software

Received on Thursday, 8 July 2010 07:50:17 UTC