W3C home > Mailing lists > Public > public-webapps@w3.org > October to December 2011

Re: [cors] what's an example a simple request with credentials?

From: Benson Margulies <bimargulies@gmail.com>
Date: Fri, 23 Dec 2011 11:22:38 -0500
Message-ID: <CALhtWkf5Mp-hA=ALDJ3SkU2Jthmvj_3e5t+RUSdDJEm2G8ExxQ@mail.gmail.com>
To: Jarred Nicholls <jarred@sencha.com>
Cc: public-webapps@w3.org
On Fri, Dec 23, 2011 at 11:13 AM, Jarred Nicholls <jarred@sencha.com> wrote:
> On Fri, Dec 23, 2011 at 11:03 AM, Benson Margulies <bimargulies@gmail.com>
> wrote:
>>
>> I am failing to come up with a sequence of calls to XMLHttpRequest
>> that will trigger credential processing while remaining a simple
>> request. Explicit credentials passed to open() are prohibited for all
>> cross-origin requests,
>
>
> Have you set withCredentials = true; ?

Yes, but don't I actually have to have some credentials as well? I
thought i tested this, but I may not have, so I'll go test it again.
>
>>
>> and url-embedded credentials seem to trigger
>> the same prohibition. An Authorization header is non-simple.
>> Certificates would be rather gigantically difficult in the testing
>> environment I'm working with. There's talk of cookies, but those would
>> also make the request non-simple, wouldn't they?
>>
>
>
>
> --
> ................................................................
>
> Sencha
> Jarred Nicholls, Senior Software Architect
> @jarrednicholls
>
Received on Friday, 23 December 2011 16:23:14 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:49 GMT