W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2012

Re: [XHR]

From: Anne van Kesteren <annevk@annevk.nl>
Date: Thu, 13 Sep 2012 17:33:59 +0200
Message-ID: <CADnb78jgJkXBjt_yrrRVSO=mO4cVcZU3w-PBXfgFQBgE778HAQ@mail.gmail.com>
To: Paul.Todd@sybase.com
Cc: public-webapps@w3.org
On Thu, Sep 13, 2012 at 5:11 PM,  <Paul.Todd@sybase.com> wrote:
> Its still unclear, given that I was creating the Authorization header as per RFC 2616 AND the server does not support CORS or advertise CORS but supports Basic authentication. I would have expected this to fail given that it would allow a distributed password search.

Yeah, cross-origin that should fail. If you include a Authorization
header the user agent will make a preflight request and if the server
does not reply appropriately you'll get a network error.

Received on Thursday, 13 September 2012 15:34:36 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:13:38 UTC