- From: Mark Nottingham <mnot@yahoo-inc.com>
- Date: Fri, 21 Apr 2006 09:33:28 -0700
- To: "Web APIs WG (public)" <public-webapi@w3.org>
[ from the big comment e-mail; raising as a separate issue, as requested ] If the browser is already sending credentials for a particular protection space (to use RFC2617 terminology), XHR SHOULD send them when accessing resources in the same space. It'll need to define precedence between these and those explicitly used in a call (which would override, I presume). In other words, if I'm already logged into a site, XHR should reuse my credentials, rather than ask me for them again. -- Mark Nottingham mnot@yahoo-inc.com
Received on Friday, 21 April 2006 16:34:23 UTC