On Jan 31, 2008 11:49 AM, Piotr Jaroszyński <[EMAIL PROTECTED]> wrote:
> On Thursday 31 of January 2008 20:26:45 Bruno Bowden wrote: > > > That's an interesting idea. I think it could work for most cases, but > > > some lower level API would be nice too, if greater flexibility is > > > necessary. > > > > Whatever we do, the "cookie" should never be manipulated directly. For > > Caja, it's important that we use an interface so that we can change > > implementation - as Kevin mentioned, Caja will not allow you manipulate > a > > cookie directly. > > I don't quite understand this point. A cookie, fetched from a 3rd-party > site > via the proxy, from the gadget POV is just a list of key value pairs. I > don't > see how even manipulating that data directly can do any harm? If they're not being used as real cookies, there's not a lot of value in constraining them. If you want data from a third party site, just get it back as part of the normal response. Sending cookies certainly has value, but retrieving them doesn't seem to offer any real benefit over just including that data in the message body.
