- From: John Wilander <john.wilander@owasp.org>
- Date: Tue, 20 Aug 2013 10:54:40 +0200
- To: Mike Shema <mshema@qualys.com>
- Cc: public-webappsec <public-webappsec@w3.org>
Received on Tuesday, 20 August 2013 08:55:08 UTC
2013/8/15 Mike Shema <mshema@qualys.com> > An SOS policy may be applied to one or more cookies for a web application > on a per-cookie or collective basis. The policy controls whether the > browser includes those cookies during cross-origin requests. (A > cross-origin resource cannot access a cookie from another origin, but it > may generate a request that causes the cookie to be included.) Michal mentioned it but it wasn't clear to me – does your proposal apply only to CORS or to all cross-origin requests (iframes, frame sets, images, scripts, style sheets, form gets/posts etc)? Regards, John
Received on Tuesday, 20 August 2013 08:55:08 UTC