ISSUE-114: CORS does not define the effect of the credentials flag in sufficient detail

cors-credentials

State: CLOSED
Product: HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
Raised by: Maciej Stachowiak
Opened on: 2010-02-03
Description:
It looks like the only actual statement about the effect of the credentials flag is:

"Whenever the make a request steps are applied, make a request to request URL, using method request method, entity body request entity body, including the custom request headers, and include credentials if the credentials flag is true (e.g. HTTP authentication data and cookies)."

There are two problems with this:

(1) It's not normatively defined what constitutes a credential.
(2) It says to include credentials when the credentials flag is true, but it doesn't say they must not be included when the credentials flag is false.

I think the credentials flag should specifically affect cookies, HTTP authentication, and client-side SSL certs, but not proxy authentication (or, obviously, Origin).
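
The behaviour proposed in the description, modelled as an added example (not text from the issue or from the CORS specification): credentials are attached only when the flag is true and are never attached otherwise, while Origin and proxy authentication are sent either way. The names `makeRequest`, `credentialsPresent` and `sampleStore` and all sample values are hypothetical.

```javascript
// Added illustration; names are hypothetical and not taken from the CORS spec.
// Credentials, per the issue's proposal: cookies, HTTP authentication and
// client-side SSL certificates. Proxy authentication and Origin are not.
const CREDENTIAL_HEADERS = ["cookie", "authorization"];

// Constructed sample of what a user agent holds for the target server.
const sampleStore = {
  cookies: "sid=constructed-session-id",
  httpAuth: "Basic constructed-placeholder",
  clientCert: "constructed-client-certificate",
  proxyAuth: "Basic constructed-proxy-placeholder",
};

// Model of the "make a request" step with an explicit two-way rule:
// include credentials if and only if credentialsFlag is exactly true.
function makeRequest({ url, method, origin, customHeaders = {}, credentialsFlag }, store) {
  const headers = {};
  // Custom request headers are copied as given (assumed here not to name
  // a credential header).
  for (const [name, value] of Object.entries(customHeaders)) {
    headers[name.toLowerCase()] = value;
  }
  headers["origin"] = origin; // sent regardless of the flag
  if (store.proxyAuth) headers["proxy-authorization"] = store.proxyAuth; // not a credential here
  let clientCert = null;
  if (credentialsFlag === true) {
    if (store.cookies) headers["cookie"] = store.cookies;
    if (store.httpAuth) headers["authorization"] = store.httpAuth;
    clientCert = store.clientCert || null;
  }
  // A false or missing flag falls through: nothing from the store's
  // credential entries reaches the request.
  return { url, method, headers, clientCert };
}

// Audit helper: which credential kinds does an outgoing request carry?
function credentialsPresent(request) {
  const found = CREDENTIAL_HEADERS.filter((h) => h in request.headers);
  if (request.clientCert !== null) found.push("client-certificate");
  return found;
}
```
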
Related Action Items:
No related actions
Related emails:
  1. Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-08)
  2. Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from Art.Barstow@nokia.com on 2010-04-08)
  3. Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from annevk@opera.com on 2010-04-07)
  4. CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from art.barstow@nokia.com on 2010-04-07)
  5. Re: ISSUE-114 (CORS-credentials): CORS does not define the effect of the credentials flag in sufficient detail [CORS] (from annevk@opera.com on 2010-02-16)
  6. Re: [XHR2] AnonXMLHttpRequest() (from mjs@apple.com on 2010-02-03)
  7. ISSUE-114 (CORS-credentials): CORS does not define the effect of the credentials flag in sufficient detail [CORS] (from sysbot+tracker@w3.org on 2010-02-03)

Related notes:

http://lists.w3.org/Archives/Public/public-webapps/2010JanMar/0632.html

Anne van Kesteren, 15 Jun 2010, 08:18:47
