- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 17 Jun 2011 18:46:59 -0700
On Fri, Jun 17, 2011 at 5:31 PM, ilya goberman <goberman at msn.com> wrote:
> I do not really understand what "specify the request to happen with
> credentials" really means. Can someone explain or point to an example?
> My opinion is that it should be the same for the XHR and EventSource and
> should also be backward compatible. We currently generate
> Access-Control-Allow-Origin:* in the server responses for the XHR requests
> to allow cross-domain calls (and do not really do anything beyond that) and
> I hope it will not be broken with these new "credentials validation"
> changes.
> Thanks

I'd love to hear more about this as it's directly related to the question Hixie asked.

I take it you are sending that header from some set of URLs on your servers, which are then loaded using XHR (XDR in IE) from other sites? And you are wanting to (or perhaps are already) structuring that data such that it can be used with EventSource once browsers support it, and support using it in cross-site scenarios?

Am I correct so far?

If so, what type of data are you returning from these URLs? Given the header you are sending, it seems like this is not personalized data, but rather generic data which looks the same no matter which user's browser is reading it. Or more specifically, you are not personalizing the response from these requests based on the user's cookies, is this correct?

Thanks!

/ Jonas
Received on Friday, 17 June 2011 18:46:59 UTC
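
The distinction discussed in this message, as an added example that is not part of the original e-mail or of any browser's code: a sketch of the CORS resource sharing check a browser applies to a cross-origin XHR or EventSource response, showing why `Access-Control-Allow-Origin: *` keeps working for requests sent without credentials but is not accepted once cookies are attached. The function name `corsCheck` and the origin `https://widgets.example` are assumptions made for illustration.

```javascript
// Added illustration of the CORS resource sharing check.
// corsCheck and all sample values below are hypothetical / constructed.
function corsCheck(requestOrigin, withCredentials, responseHeaders) {
  // Header names are case-insensitive; header values are compared exactly.
  const headers = {};
  for (const [name, value] of Object.entries(responseHeaders)) {
    headers[name.toLowerCase()] = String(value).trim();
  }

  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) {
    return { shared: false, reason: "no Access-Control-Allow-Origin header" };
  }
  // The wildcard is honoured only when no cookies/HTTP auth were sent.
  if (!withCredentials && allowOrigin === "*") {
    return { shared: true, reason: "wildcard accepted for anonymous request" };
  }
  // Otherwise the header must echo the requesting origin exactly.
  if (allowOrigin !== requestOrigin) {
    const reason = allowOrigin === "*"
      ? "wildcard not accepted when credentials are sent"
      : "origin mismatch";
    return { shared: false, reason };
  }
  if (!withCredentials) {
    return { shared: true, reason: "origin echoed for anonymous request" };
  }
  // Credentialed responses need an explicit, case-sensitive opt-in.
  if (headers["access-control-allow-credentials"] === "true") {
    return { shared: true, reason: "origin echoed and credentials allowed" };
  }
  return { shared: false, reason: "Access-Control-Allow-Credentials is not 'true'" };
}

// Constructed sample responses: generic data vs. per-user data.
const ORIGIN = "https://widgets.example";
const wildcard = { "Access-Control-Allow-Origin": "*" };
const perUser = {
  "Access-Control-Allow-Origin": ORIGIN,
  "Access-Control-Allow-Credentials": "true",
};

for (const [label, creds, hdrs] of [
  ["wildcard, no credentials", false, wildcard],
  ["wildcard, with credentials", true, wildcard],
  ["echoed origin, with credentials", true, perUser],
]) {
  console.log(label, "->", JSON.stringify(corsCheck(ORIGIN, creds, hdrs)));
}
```

A server that returns the same data to every caller can keep the wildcard; one that personalizes responses from cookies has to name the origin and opt in to credentials explicitly.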