- From: John Panzer <jpanzer@acm.org>
- Date: Thu, 14 Feb 2008 18:56:12 -0800
- To: Ian Hickson <ian@hixie.ch>
- CC: "WAF WG (public)" <public-appformats@w3.org>
Received on Friday, 15 February 2008 02:56:36 UTC
Ian Hickson wrote: > On Thu, 14 Feb 2008, John Panzer wrote: > >> Right, I'm not talking about Access-Control, I'm talking about general >> HTTP auth[nz]. I don't understand the rationale for AC4CSR's policies >> with regard to the Authorization: header >> > > The rationale is really as simple as this: browser vendors don't want to > enable a distributed user credentials search. > Which could be accomplished by banning Authorization: Basic and Authorization: Digest only.
Received on Friday, 15 February 2008 02:56:36 UTC