[Bug 21013] New: Credentials and HTTP authentication from bugzilla@jessica.w3.org on 2013-02-15 (public-webappsec@w3.org from February 2013)

From: <bugzilla@jessica.w3.org>
Date: Fri, 15 Feb 2013 14:34:35 +0000
To: public-webappsec@w3.org
Message-ID: <bug-21013-4874@http.www.w3.org/Bugs/Public/>

https://www.w3.org/Bugs/Public/show_bug.cgi?id=21013

            Bug ID: 21013
           Summary: Credentials and HTTP authentication
    Classification: Unclassified
           Product: WebAppsSec
           Version: unspecified
          Hardware: PC
                OS: All
            Status: NEW
          Severity: normal
          Priority: P2
         Component: CORS
          Assignee: annevk@annevk.nl
          Reporter: annevk@annevk.nl
        QA Contact: dave.null@w3.org
                CC: mike@w3.org, public-webappsec@w3.org

CORS allows HTTP authentication without special credentials header opt-in,
because you already need to opt-in to the HTTP authentication header.

We should be clearer about that somehow.

http://lists.w3.org/Archives/Public/public-webapps/2013JanMar/thread.html#msg366

-- 
You are receiving this mail because:
You are on the CC list for the bug.

Received on Friday, 15 February 2013 14:34:39 UTC