[whatwg] Accessing cookies from workers

Michael Nordman michaeln at google.com
Thu Mar 5 19:56:43 PST 2009


On Thu, Mar 5, 2009 at 5:40 PM, Anne van Kesteren <annevk at opera.com> wrote:
> On Fri, 06 Mar 2009 10:35:19 +0900, Jonas Sicking <jonas at sicking.cc> wrote:
>>
>> Gecko, and I believe the latest XHR spec drafts, have disabled access
>> to cookies through XHR in order to prevent leaking of HTTPOnly
>> cookies.
>
> Yes, cookies are no longer exposed through XMLHttpRequest in any way per the
> specification.

So am i to understand that cookies headers are not sent to the servers
when using XHR, and that set-cookie headers in a server response to an
XHRs is not respected by the UA? Since that would break about every
known app in the world, I somehow think not.

This is all you would need in order to set/read cookies from a worker
(albeit a very expensive operation), provided you had a server that
would cooperate with you.

Regarding being able to read/write cookies from a worker context... of
course you should be able to do that... if it takes an async api than
so be it.

>
>
> --
> Anne van Kesteren
> http://annevankesteren.nl/
>



More information about the whatwg mailing list