> > Is there no way to make the unique origin sandboxed iframe cookieless? I > > suppose, if not, the containing page could create a fresh unique origin > > sandboxed iframe per request, but seems rather heavy. Would that > > successfully render the resulting network messages cookieless? > > Cookies (and HTTP authentication) in a request do not depend on the source > but on the destination. So XMLHttpRequest would have to be explicitly told > not to include them for one reason or another. >
Doh! Momentary confusion on my part. Thanks for catching this. -- Cheers, --MarkM
