Hacker News
new
|
past
|
comments
|
ask
|
show
|
jobs
|
submit
login
jefftk
on Feb 23, 2021
|
parent
|
context
|
favorite
| on:
Total Cookie Protection
No, the cookies won't be sent. That would defeat the whole purpose.
CobrastanJorji
on Feb 23, 2021
[–]
So this effectively eliminates the "XMLHttpRequest.withCredentials" setting? Interesting! Thanks for clarifying.
jefftk
on Feb 23, 2021
|
parent
[–]
No, is still has an effect. CORS operates on a per-origin basis, while privacy mitigations operate on a per-site basis. You might want withCredentials if www.site.example wanted to share cookies with forums.site.example.
Guidelines
|
FAQ
|
Lists
|
API
|
Security
|
Legal
|
Apply to YC
|
Contact
Search:
