On Mon, May 8, 2017 at 2:28 PM, Patrick McManus <[email protected]> wrote: > On Mon, May 8, 2017 at 3:36 AM, Anne van Kesteren <[email protected]> wrote: >> A connection can become anonymous-request-tainted when you send an >> anonymous request over it. If a connection is authenticated the client won't >> send an anonymous request over it and instead open a new connection. > > In at least the common case, cookies, there is just no need for this rule > and it leads to most of the confusion we have. The connection can easily mix > cookies and no-cookies.
Agreed. I don't know why you think what I wrote touches that? I'm only talking about authenticated connections (not requests with credentials) and requests without credentials (anonymous requests) as it was my understanding that we did not want to mix those. -- https://annevankesteren.nl/ _______________________________________________ dev-tech-network mailing list [email protected] https://lists.mozilla.org/listinfo/dev-tech-network
