On Mon, May 13, 2013 at 10:57 AM, Hallvord Reiar Michaelsen Steen <[email protected]> wrote: > Does anyone have real, non-contrived use cases for the anonymous flag?
The basic idea was preventing confused deputy attacks by not exposing any information that could be used as such. So no credentials and no data about where the request originated from, forcing the architecture to be token-based effectively. I still think that makes some amount of sense, but if nobody is keen on implementing that we should indeed just drop it. Not sending credentials ever however still seems like something worth preserving (Fetch has a credentials mode for this as well). -- http://annevankesteren.nl/
