RE: Fetch: HTTP authentication and CORS

That is correct.

Thanks
Bin

From: Paul Libbrecht [mailto:paul@hoplahup.net]
Sent: Wednesday, May 08, 2013 1:14 PM
To: HU, BIN
Cc: Hallvord Reiar Michaelsen Steen; Jonas Sicking; Anne van Kesteren; WebApps WG; WebAppSec WG
Subject: Re: Fetch: HTTP authentication and CORS

On 7 mai 2013, at 02:23, HU, BIN wrote:
Because "nonce" is needed to generate the appropriate digest, the 401 challenge is required.


So the lesson here is: any developer that intends to use authenticated XHR should always start with an XHR that is a simple ping-like GET, then do the real things. Right?

Paul

Received on Wednesday, 8 May 2013 23:12:23 UTC