- From: Jonas Sicking <jonas@sicking.cc>
- Date: Sat, 18 May 2013 13:58:35 -0700
- To: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
- Cc: Anne van Kesteren <annevk@annevk.nl>, public-webapps <public-webapps@w3.org>
On Sat, May 18, 2013 at 1:43 PM, Hallvord Reiar Michaelsen Steen <hallvord@opera.com> wrote: > >> > BTW - have you considered allowing setting withCredentials to "false" for same-origin resources? >> > >> I suspect that would break sites. > > > Possibly, but I find it unlikely - if it's set, it's most likely usually set to "true", not "false", and it's also most likely rarely set for same-origin requests. Wonder how hard it would be to ship a test in some beta- or preview build of some browser..? 8-) > > >> Making a boolean a tri-state with a >> default depending on an external variable is also super confusing. > > > To whom? "Defaults to true for same-origin, false for cross-origin, can be set to override" seems to give authors a behaviour that's relatively intuitive. (Authors would not really have to consider the odd tri-state underpinnings, it still looks like a boolean except with a variable default behaviour). It seems confusing to anyone who reads the value. What would it return in the various situations? I.e. before and after .open() has been called, and if .open() was called with a cross-origin URL or not. / Jonas
Received on Saturday, 18 May 2013 20:59:32 UTC