- From: Anne van Kesteren <annevk@opera.com>
- Date: Thu, 26 Apr 2012 14:38:11 +0200
- To: "public-webapps@w3.org" <public-webapps@w3.org>, "Hobbs, Timothy" <Timothy.Hobbs@ca.com>
On Tue, 17 Apr 2012 14:40:33 +0200, Hobbs, Timothy <Timothy.Hobbs@ca.com> wrote: > Is my interpretation of the XMLHttpRequest specification flawed, is > there a need for the browser behavior to change, or is my requirement > just not serious enough? The idea is that if you provide user/password, the browser does not transmit them to the server but first waits to get challenged. If challenged another request is made with the appropriate user/password. If that fails the user should not be prompted. However, I believe this behavior has not been universally implemented thus far and the way HTTP authentication works does not make it easy to write tests for. (At least I've had trouble creating exhaustive tests and reverse engineering the appropriate behavior so I mostly gave up and have been hoping for someone to fill me in on the details.) -- Anne van Kesteren http://annevankesteren.nl/
Received on Thursday, 26 April 2012 12:38:50 UTC