On Tue, Jun 3, 2014 at 11:05 AM, Arvind Jain <arvind@google.com> wrote:
> 1) Re. 407, what should be the behavior? If the beacon response is a 407,
> should we display an authentication dialog given that the site may have
> gone away? Anne asked whether there should be a flag for it in the fetching
> layer. What are we doing today in Mozilla's implementation?

Personally, I think the beacon should fail silently on 407. If we pop up an
auth box, the user has zero context where it came from because the beacon
request is invisible to them. In the best case, this is just annoying; in
the worst case, this can mislead the user into giving away credentials
where they shouldn't have (should I type in auth details for current site,
or beacon URL, what is this beacon URL anyway, and what's a beacon? And so
on...).
ig