[cors] what's an example a simple request with credentials? from Benson Margulies on 2011-12-23 (public-webapps@w3.org from October to December 2011)

From: Benson Margulies <bimargulies@gmail.com>
Date: Fri, 23 Dec 2011 11:03:25 -0500
To: public-webapps@w3.org
Message-ID: <CALhtWke7pRCEo7Y5ipAt4sCjUGwzjm5f8tn8jB14QSaVFFhyaQ@mail.gmail.com>

I am failing to come up with a sequence of calls to XMLHttpRequest
that will trigger credential processing while remaining a simple
request. Explicit credentials passed to open() are prohibited for all
cross-origin requests, and url-embedded credentials seem to trigger
the same prohibition. An Authorization header is non-simple.
Certificates would be rather gigantically difficult in the testing
environment I'm working with. There's talk of cookies, but those would
also make the request non-simple, wouldn't they?

Received on Friday, 23 December 2011 16:04:00 UTC