On Thu, Jan 15, 2015 at 3:47 PM, Andrew Sutherland < [email protected]> wrote:
> On Thu, Jan 15, 2015, at 04:28 PM, Robert Strong wrote: > > I am fairly certain I could disable cookies on the client side to work > > around this and make it an option for each app since some apps will > > likely > > want cookies. I'd much prefer it if this was done on the server and > > thereby > > avoid more client code / complexity. If you are referring to testing the > > server that test would need to be outside of build tests of course. > > I'm not sure which you're referring to in regards to client complexity, > but note that Firefox OS ended up adding "mozAnon" to XMLHttpRequest to > allow requests to avoid sending cookies/auth headers. Even if the ping > doesn't use XHR (which does seem to have a native-ish constructor > available? > > https://dxr.mozilla.org/mozilla-central/source/dom/workers/XMLHttpRequest.cpp#1639 > ), > it seems likely much of the plumbing could be reused. If you're talking > about the settings stuff, that is of course different. > > Andrew > Complexity as in more code and allowing consumers the ability to use cookies if they want. I'm tempted to just go with no cookies for app update and consumers can just add any additional details to the url. Filed https://bugzilla.mozilla.org/show_bug.cgi?id=1122305 Robert _______________________________________________ governance mailing list [email protected] https://lists.mozilla.org/listinfo/governance
