W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

Re: [whatwg] Fetch: HTTP Authentication

From: Robin Berjon <robin@w3.org>
Date: Thu, 14 Mar 2013 17:02:54 +0000
Message-ID: <514202BE.6000004@w3.org>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@whatwg.org>
On 14/03/2013 16:57 , Anne van Kesteren wrote:
> On Thu, Mar 14, 2013 at 4:34 PM, Robin Berjon <robin@w3.org> wrote:
>> People who *do* rely on this (assuming they exist — in this case they
>> probably do somewhere) will find their services broken if we change it. So
>> on the face of things, I get the impression that there's zero cost in
>> keeping things the way they are, and risk in changing them.
>
> Sure, I meant for new contexts and maybe some existing contexts, such
> as workers.

Oh, yes, agreed — for anything new this is madness. And I doubt anything 
recent relies on it, either.

> Also, for shared workers it's not entirely clear which
> browsing context you'd prompt in if an importScript() or same-origin
> XMLHttpRequest happened.

I think that's definitely a bug.

>> I think that the lack of interoperability, and the complete inanity of
>> prompting in browsers where it happens, is more problematic in the case of
>> unsafe redirects.
>
> There should simply be no prompting there, it makes no sense.

It's not just madness, it's different madness everywhere :)

-- 
Robin Berjon - http://berjon.com/ - @robinberjon
Received on Thursday, 14 March 2013 17:03:34 GMT

This archive was generated by hypermail 2.3.1 : Thursday, 14 March 2013 17:03:34 GMT