W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2013

[XHR] withCredentials and HTTP authentication

From: Monsur Hossain <monsur@gmail.com>
Date: Mon, 11 Feb 2013 22:24:21 -0600
Message-ID: <CAKSyWQmNypyfJKTafsz23kqXbHhjnmCtDN=GAHbm657RVhzYVw@mail.gmail.com>
To: public-webapps@w3.org
The XHR spec defines "user credentials" as "cookies, HTTP authentication,
and client-side SSL certificates". Its not clear to me what "HTTP
authentication" referring to.

I assumed it was referring to the HTTP authentication in RFC 2617, which
uses the "Authorization" header. But a quick
that arbitrary Authorization headers are allowed on CORS requests.

It could also mean the http://<username>@<password>:domain.com form of
authentication (not sure where this is formally defined).

What type of http authentication is the XHR spec referring to?

Received on Tuesday, 12 February 2013 04:24:51 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 20 October 2015 13:55:56 UTC