Note that cookies take effect despite CORS failures

Per discussion in #855.
whatwg · Jan 23, 2019 · d219389 · d219389
1 parent 939817c
commit d219389
Showing 1 changed file with 4 additions and 2 deletions.
diff --git a/fetch.bs b/fetch.bs
@@ -2720,10 +2720,11 @@ Access-Control-Allow-Credentials: true
 </code></pre>
 
  <p>If the response does not include those two headers with those values, the <code>failure</code>
- callback will be invoked and any `<code>Set-Cookie</code>` response headers will end up being
- ignored.
+ callback will be invoked. However, any `<code>Set-Cookie</code>` response headers will be
+ respected.
 </div>
 
+
 <h4 id=cors-protocol-exceptions>CORS protocol exceptions</h4>
 
 <p>Specifications have allowed limited exceptions to the CORS safelist for non-safelisted
@@ -7134,6 +7135,7 @@ Nikki Bee,
 Nikunj Mehta,
 Odin Hørthe Omdal,
 Ondřej Žára,
+O. Opsec,
 Philip Jägenstedt,
 R. Auburn,
 Raphael Kubo da Costa,