- From: Anne van Kesteren <annevk@opera.com>
- Date: Fri, 27 Aug 2010 13:51:40 +0200
- To: "WebApps WG" <public-webapps@w3.org>

I updated CORS to use the newly introduced "block cookies flag" of the HTML5 fetch algorithm. This prevents a response from setting cookies. This is always used for preflight requests and used for all other requests when the credentials flag is false. In addition the Referer header is excluded for any request when the source origin is a globally unique identifier. (As is the case when e.g. AnonXMLHttpRequest is used.)

I think this is all correct now. Let me know if I missed something:

http://dev.w3.org/2006/waf/access-control/

-- 
Anne van Kesteren
http://annevankesteren.nl/

Received on Friday, 27 August 2010 11:52:14 UTC
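
The rules described in the message above, as an added JavaScript model that is not part of the original e-mail or of the CORS specification text. The function names, the `UNIQUE_ORIGIN` marker and the sample response are assumptions constructed for illustration; only the behaviour the message states (block cookies flag, credentials flag, Referer exclusion) is modelled.

```javascript
// Added illustration of the rules in the message above; not spec text.
// planRequest, handleResponse, runCases and UNIQUE_ORIGIN are hypothetical names.
const UNIQUE_ORIGIN = Symbol("globally unique identifier");

// Decide the block cookies flag and the Referer header for one request.
function planRequest({ preflight, credentialsFlag, sourceOrigin, referrer }) {
  // Always set for preflight; for other requests, set when the credentials flag is false.
  const blockCookies = preflight || !credentialsFlag;
  const headers = {};
  // Referer is left out whenever the source origin is a globally unique identifier.
  if (sourceOrigin !== UNIQUE_ORIGIN && referrer) headers.Referer = referrer;
  return { blockCookies, headers };
}

// Apply response headers to a cookie jar (Map); returns the Set-Cookie values ignored.
function handleResponse(plan, responseHeaders, cookieJar) {
  const ignored = [];
  for (const [name, value] of responseHeaders) {
    if (name.toLowerCase() !== "set-cookie") continue;
    if (plan.blockCookies) { ignored.push(value); continue; }
    const pair = value.split(";")[0];
    const eq = pair.indexOf("=");
    if (eq > 0) cookieJar.set(pair.slice(0, eq).trim(), pair.slice(eq + 1).trim());
  }
  return ignored;
}

// Constructed sample response and request cases (not captured traffic).
const SAMPLE_RESPONSE = [["Content-Type", "text/plain"], ["Set-Cookie", "sid=abc123; Path=/"]];
const CASES = {
  preflight: { preflight: true, credentialsFlag: true, sourceOrigin: "http://a.example", referrer: "http://a.example/page" },
  withCredentials: { preflight: false, credentialsFlag: true, sourceOrigin: "http://a.example", referrer: "http://a.example/page" },
  withoutCredentials: { preflight: false, credentialsFlag: false, sourceOrigin: "http://a.example", referrer: "http://a.example/page" },
  anonymous: { preflight: false, credentialsFlag: false, sourceOrigin: UNIQUE_ORIGIN, referrer: "http://a.example/page" },
};

function runCases() {
  const out = {};
  for (const [label, request] of Object.entries(CASES)) {
    const plan = planRequest(request);
    const jar = new Map();
    const ignored = handleResponse(plan, SAMPLE_RESPONSE, jar);
    out[label] = { blockCookies: plan.blockCookies, referer: plan.headers.Referer ?? null,
                   cookiesStored: jar.size, cookiesIgnored: ignored.length };
  }
  return out;
}

console.table(runCases());
```

The `preflight` case keeps the credentials flag true on purpose, to show that the block cookies flag is set for preflight regardless of that flag.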