- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 13 Sep 2012 17:33:59 +0200
- To: Paul.Todd@sybase.com
- Cc: public-webapps@w3.org
On Thu, Sep 13, 2012 at 5:11 PM, <Paul.Todd@sybase.com> wrote: > Its still unclear, given that I was creating the Authorization header as per RFC 2616 AND the server does not support CORS or advertise CORS but supports Basic authentication. I would have expected this to fail given that it would allow a distributed password search. Yeah, cross-origin that should fail. If you include a Authorization header the user agent will make a preflight request and if the server does not reply appropriately you'll get a network error. -- http://annevankesteren.nl/
Received on Thursday, 13 September 2012 15:34:36 UTC