Re: Fetch: HTTP authentication and CORS

On Fri, May 3, 2013 at 7:00 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> In the Gecko implementation they aren't. Assuming that you mean when with
> credentials is set to false?

Right, when it's set to false. What's the normative reference for TLS
client certificates? https://tools.ietf.org/html/rfc5246#section-7.4.6
maybe?


> We also don't reuse keep-alive http connections.

Are we talking about persistent connections as per
http://tools.ietf.org/html/rfc2616#section-8.1 or the obsolete
HTTP/1.0 feature?


--
http://annevankesteren.nl/

Received on Saturday, 4 May 2013 08:29:57 UTC