- From: Michael Nordman <michaeln@google.com>
- Date: Thu, 5 Mar 2009 19:56:43 -0800
On Thu, Mar 5, 2009 at 5:40 PM, Anne van Kesteren <annevk at opera.com> wrote: > On Fri, 06 Mar 2009 10:35:19 +0900, Jonas Sicking <jonas at sicking.cc> wrote: >> >> Gecko, and I believe the latest XHR spec drafts, have disabled access >> to cookies through XHR in order to prevent leaking of HTTPOnly >> cookies. > > Yes, cookies are no longer exposed through XMLHttpRequest in any way per the > specification. So am i to understand that cookies headers are not sent to the servers when using XHR, and that set-cookie headers in a server response to an XHRs is not respected by the UA? Since that would break about every known app in the world, I somehow think not. This is all you would need in order to set/read cookies from a worker (albeit a very expensive operation), provided you had a server that would cooperate with you. Regarding being able to read/write cookies from a worker context... of course you should be able to do that... if it takes an async api than so be it. > > > -- > Anne van Kesteren > http://annevankesteren.nl/ >
Received on Thursday, 5 March 2009 19:56:43 UTC