- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Tue, 14 Oct 2014 09:06:25 +0200
- To: Jonas Sicking <jonas@sicking.cc>
- Cc: WHATWG <whatwg@whatwg.org>
On Tue, Oct 14, 2014 at 1:02 AM, Jonas Sicking <jonas@sicking.cc> wrote: > We'd definitely need to treat the header as a content-set header from > a CORS perspective. Otherwise we'd have problems not just with pages > behind firewalls, but also websites that use cookies for > authentication. I.e. most websites. I thought maybe if we just allow it to be omitted (and not set to any value) it would be okay. Just like we allow Referrer to be omitted. But maybe not. -- https://annevankesteren.nl/
Received on Tuesday, 14 October 2014 07:06:50 UTC