joelweinberger
commented
8 years ago @devd, This should be the simplified change.
Closed joelweinberger closed 8 years ago
joelweinberger
commented
8 years ago @devd, This should be the simplified change.
joelweinberger
commented
8 years ago @devd, let me know how this looks.
annevk
commented
8 years ago You will also need to define how this affects existing processing models.
joelweinberger
commented
8 years ago Indeed. That really applies to all the flags in the "Security Model Opt-Outs" section. I filed #51 to track this.
annevk
commented
8 years ago Thanks, without that it's really hard to evaluate the impact of these changes.
@devd can you review this update? This adds a new option flag per the discussion in #33 to force include credentials on all cross-origin requests. You can also see the compiled version at https://metromoxie.github.io/webappsec-suborigins/.