[Standards] Redirects in BOSH

Joe Hildebrand joe.hildebrand at webex.com
Mon May 16 16:09:32 UTC 2011

On 5/10/11 1:17 PM, "Glenn Maynard" <glenn at zewt.org> wrote:

> Nothing stops you from using it if the client supports it; the spec doesn't
> prohibit other headers from being set.  I'm just opposed to BOSH *requiring*
> cookie support from clients.

You also probably want to test how well cookies work in practice if you're
doing CORS.  You may find that many modern browsers don't send cookies to
CORS domains for security reasons.

(sorry if this has been mentioned before in this thread; I skipped to the

Joe Hildebrand

More information about the Standards mailing list