W3C home > Mailing lists > Public > public-webapps@w3.org > April to June 2009

Re: XHR without user credentials

From: Anne van Kesteren <annevk@opera.com>
Date: Mon, 08 Jun 2009 23:17:25 +0200
To: "Tyler Close" <tyler.close@gmail.com>, "Mark S. Miller" <erights@google.com>
Cc: "Adam Barth" <w3c@adambarth.com>, public-webapps <public-webapps@w3.org>
Message-ID: <op.uu75fbjw64w2qv@annevk-t60>
On Mon, 08 Jun 2009 23:13:29 +0200, Anne van Kesteren <annevk@opera.com> wrote:
> On Mon, 08 Jun 2009 19:24:03 +0200, Tyler Close <tyler.close@gmail.com>  
> wrote:
>> For CORS <http://www.w3.org/TR/access-control/>, and other parts of
>> web-apps, I think the above agreement is the important take-away from
>> this discussion. For sites with advertising, or other third-party
>> widgets, it would be nice to have a way for code to issue network
>> requests without impersonating the hosting page's Origin.
>
> We already have a feature to do a request without credentials. Set the  
> withCredentials flag to false. (If you meant something else that was not  
> clear from the context, at least to me.)

Though saying that I realize this is currently a strictly cross-origin feature. I suppose we can change that but having the defaults be different is somewhat awkward.


-- 
Anne van Kesteren
http://annevankesteren.nl/
Received on Monday, 8 June 2009 21:19:17 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:31 GMT