- From: Benson Margulies <bimargulies@gmail.com>
- Date: Fri, 23 Dec 2011 11:22:38 -0500
- To: Jarred Nicholls <jarred@sencha.com>
- Cc: public-webapps@w3.org
On Fri, Dec 23, 2011 at 11:13 AM, Jarred Nicholls <jarred@sencha.com> wrote: > On Fri, Dec 23, 2011 at 11:03 AM, Benson Margulies <bimargulies@gmail.com> > wrote: >> >> I am failing to come up with a sequence of calls to XMLHttpRequest >> that will trigger credential processing while remaining a simple >> request. Explicit credentials passed to open() are prohibited for all >> cross-origin requests, > > > Have you set withCredentials = true; ? Yes, but don't I actually have to have some credentials as well? I thought i tested this, but I may not have, so I'll go test it again. > >> >> and url-embedded credentials seem to trigger >> the same prohibition. An Authorization header is non-simple. >> Certificates would be rather gigantically difficult in the testing >> environment I'm working with. There's talk of cookies, but those would >> also make the request non-simple, wouldn't they? >> > > > > -- > ................................................................ > > Sencha > Jarred Nicholls, Senior Software Architect > @jarrednicholls >
Received on Friday, 23 December 2011 16:23:14 UTC