Maciej Stachowiak wrote:
On Jun 13, 2008, at 4:56 PM, Jonas Sicking wrote:
Hi All,
Since I haven't received any feedback on the various straw-men in the
"Opting in to cookies" thread, I'll send a full proposal (wrote most
of this yesterday, Thomas wrote some opinions on cookies this morning).
First off, as before, when I talk about "cookies" in this mail I really
mean cookies + digest auth headers + any other headers that carry the
users credentials to a site. However i'll just use the term "cookies"
for readability, and since that is on the web currently the most
common carrier of credentials.
So here goes:
When loading a resource using access-control associate the request with
a "with credentials" flag.
When the resource is loaded using an URI which starts with the string
"user-private:" set the "with credentials" flag to true. Otherwise set
it to false.
How could an http or https URI start with the string "user-private:"?
Are you proposing a new URI scheme?
My proposal is for nesting schemes, so you'd load
user-private:http://example.com/address.php
/ Jonas