W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

Re: [whatwg] Fetch: crossorigin="anonymous" and XMLHttpRequest

From: Jonas Sicking <jonas@sicking.cc>
Date: Wed, 20 Mar 2013 23:18:08 -0700
Message-ID: <CA+c2ei9SE7PcFaAM2fEyZmxPEdpkC=5MTaQFMmZO_F1kgPLrfA@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@whatwg.org>
On Wed, Mar 20, 2013 at 2:31 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
> > That said, allowing both anonymous and non-anonymous requests to do
> > xhr.setRequestHeader("referer", "") might be a good idea. I.e. being
> > able to set it explicitly to the empty string.
>
> Okay.
>
> Does anonymous also mean not handling 401 by prompting the user?

I think so yes.

> What about 407?

The fact that there's a proxy that the user needs to log in to should
never be exposed to the platform I would think. Nor should the
platform be able to affect how the user interacts with such a proxy.

/ Jonas
Received on Thursday, 21 March 2013 06:19:05 GMT

This archive was generated by hypermail 2.3.1 : Thursday, 21 March 2013 06:19:07 GMT