On Wed, 12 Aug 2009 05:41:57 +0200, David Levin <[email protected]> wrote: > It appears that both Safari and Firefox ignore returned cookies from a > cross origin xhr when the credentials flag is set to false. This behavior > seems very reasonable. > Should the XMLHttpRequest level 2 spec indicate that this is the expected > behavior? > Dave
The editor's draft now states that cookies can only be set when the credentials flag is true. -- Anne van Kesteren http://annevankesteren.nl/
