- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 13 May 2013 14:28:06 -0700
- To: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
- Cc: public-webapps <public-webapps@w3.org>
On Mon, May 13, 2013 at 10:57 AM, Hallvord Reiar Michaelsen Steen <hallvord@opera.com> wrote: > Does anyone have real, non-contrived use cases for the anonymous flag? The basic idea was preventing confused deputy attacks by not exposing any information that could be used as such. So no credentials and no data about where the request originated from, forcing the architecture to be token-based effectively. I still think that makes some amount of sense, but if nobody is keen on implementing that we should indeed just drop it. Not sending credentials ever however still seems like something worth preserving (Fetch has a credentials mode for this as well). -- http://annevankesteren.nl/
Received on Monday, 13 May 2013 21:28:33 UTC