W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR without user credentials

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 08 Jun 2009 23:13:29 +0200
To: "Tyler Close" <tyler.close@gmail.com>, "Mark S. Miller" <erights@google.com>
Cc: "Adam Barth" <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-ID: <op.uu748rsx64w2qv@annevk-t60>
On Mon, 08 Jun 2009 19:24:03 +0200, Tyler Close <tyler.close@gmail.com> wrote:
> For CORS <http://www.w3.org/TR/access-control/>, and other parts of
> web-apps, I think the above agreement is the important take-away from
> this discussion. For sites with advertising, or other third-party
> widgets, it would be nice to have a way for code to issue network
> requests without impersonating the hosting page's Origin.

We already have a feature to do a request without credentials. Set the withCredentials flag to false. (If you meant something else that was not clear from the context, at least to me.)

Anne van Kesteren
Received on Monday, 8 June 2009 21:14:31 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:26 UTC