W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Accessing cookies from workers

From: Michael Nordman <michaeln@google.com>
Date: Thu, 5 Mar 2009 19:56:43 -0800
Message-ID: <fa2eab050903051956o19be1605q6d3997cabece1912@mail.gmail.com>
On Thu, Mar 5, 2009 at 5:40 PM, Anne van Kesteren <annevk at opera.com> wrote:
> On Fri, 06 Mar 2009 10:35:19 +0900, Jonas Sicking <jonas at sicking.cc> wrote:
>> Gecko, and I believe the latest XHR spec drafts, have disabled access
>> to cookies through XHR in order to prevent leaking of HTTPOnly
>> cookies.
> Yes, cookies are no longer exposed through XMLHttpRequest in any way per the
> specification.

So am i to understand that cookies headers are not sent to the servers
when using XHR, and that set-cookie headers in a server response to an
XHRs is not respected by the UA? Since that would break about every
known app in the world, I somehow think not.

This is all you would need in order to set/read cookies from a worker
(albeit a very expensive operation), provided you had a server that
would cooperate with you.

Regarding being able to read/write cookies from a worker context... of
course you should be able to do that... if it takes an async api than
so be it.

> --
> Anne van Kesteren
> http://annevankesteren.nl/
Received on Thursday, 5 March 2009 19:56:43 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:10 UTC