- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 18 Mar 2013 12:43:04 +0000
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: WHATWG <whatwg@whatwg.org>
On Sun, Mar 17, 2013 at 5:25 PM, Jonas Sicking <jonas@sicking.cc> wrote:
> On Sun, Mar 17, 2013 at 2:16 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> I tried to address both by pointing to UMP which wants both a) and b).
>> The alternative would be to use <iframe sandbox=allow-scripts> which
>> exhibits the same behavior given the unique origin (that also blocks
>> Referer). I believe at least Maciej expressed interest in supporting
>> the UMP use case.
>
> But *why* does UMP want this behavior? What's the use case?
I think they do not want to expose any kind of identifying information
in the request to sort of force the capability model.
> In the Firefox implementation { anon:true } does for all requests what
> withCredentials=false does for cross-origin requests.
I see. Is it called anon already or still mozAnon? There's an
outstanding request to rename it to anonymous as most other terms are
spelled out.
--
http://annevankesteren.nl/
Received on Monday, 18 March 2013 12:43:33 UTC