Indeed, otherwise there's a risk that existing cookies for the site will be overwritten.
/ Jonas On Tue, Aug 11, 2009 at 8:41 PM, David Levin<[email protected]> wrote: > It appears that both Safari and Firefox ignore returned cookies from a cross > origin xhr when the credentials flag is set to false. This behavior seems > very reasonable. > Should the XMLHttpRequest level 2 spec indicate that this is the expected > behavior? > Dave > > On Thu, Jul 30, 2009 at 11:46 AM, David Levin <[email protected]> wrote: >> >> In http://www.w3.org/TR/XMLHttpRequest2/#credentials, it >> says: "The credentials flag ...indicates whether a non same origin request >> includes cookie and HTTP authentication data...during the send() algorithm." >> >> If withCredentials is false, it seems like the cookies returned from the >> request shouldn't be stored either, but I couldn't find mention of this. >> (Why should the cookies returned from this be stored and possibly interfere >> with same origin requests, especially if the cookies aren't being sent?) >> Is this true? >> thanks, dave > >
