ISSUE-114: CORS does not define the effect of the credentials flag in sufficient detail
cors-credentials
CORS does not define the effect of the credentials flag in sufficient detail
- State:
- CLOSED
- Product:
- HISTORICAL: CORS [this spec uses Bugzilla for Bug/Issue tracking http://tinyurl.com/Bugz-CORS]
- Raised by:
- Maciej Stachowiak
- Opened on:
- 2010-02-03
- Description:
- It looks like the only actual statement about the effect of the credentials flag is:
"Whenever the make a request steps are applied, make a request to request URL, using method request method, entity body request entity body, including the custom request headers, and include credentials if the credentials flag is true (e.g. HTTP authentication data and cookies)."
There's two problems with this:
(1) It's not normatively defined what constitutes a credential.
(2) It says to include credentials when the credentials flag is true, but it doesn't say they must not be included when the credentials flag is false.
I think the credentials flag should specifically affect cookies, http authentication, and client-side SSL certs, but not proxy authentication (or, obviously, Origin). - Related Actions Items:
- No related actions
- Related emails:
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from tyler.close@gmail.com on 2010-04-08)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from Art.Barstow@nokia.com on 2010-04-08)
- Re: CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from annevk@opera.com on 2010-04-07)
- CORS Last Call status/plans? [Was: Re: [UMP] Request for Last Call] (from art.barstow@nokia.com on 2010-04-07)
- Re: ISSUE-114 (CORS-credentials): CORS does not define the effect of the credentials flag in sufficient detail [CORS] (from annevk@opera.com on 2010-02-16)
- Re: [XHR2] AnonXMLHttpRequest() (from mjs@apple.com on 2010-02-03)
- ISSUE-114 (CORS-credentials): CORS does not define the effect of the credentials flag in sufficient detail [CORS] (from sysbot+tracker@w3.org on 2010-02-03)
Related notes:
http://lists.w3.org/Archives/Public/public-webapps/2010JanMar/0632.html
Anne van Kesteren, 15 Jun 2010, 08:18:47Display change log