15 Sep
2009
15 Sep
'09
8:09 p.m.
On Tue, Sep 15, 2009 at 07:36:31PM +0200, Johannes Hofmann wrote:
Or would it be enough to not send cookies or HTTP authentication data when loading such "unsafe" urls?
Cookies have an explicit domain part if they are supposed to apply to more than the current host. HTTP authentication is URL specific or at most host specific. Joerg