- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Mon, 6 May 2013 15:59:07 -0700
- To: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
- Cc: Jonas Sicking <jonas@sicking.cc>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>
On Mon, May 6, 2013 at 1:39 PM, Hallvord Reiar Michaelsen Steen <hallvord@opera.com> wrote: > (Could we however fix this in CORS so that the WWW-Authenticate header could be included in a preflight response where applicable?) Maybe we should wait for actual complaints about XMLHttpRequest + CORS lacking integrated support for HTTP authentication before complicating the protocol even more with unused garbage. In other words, given that the majority of sites are not using a variant of HTTP authentication at the moment I don't think further enshrining it is worth the cost. -- http://annevankesteren.nl/
Received on Monday, 6 May 2013 22:59:35 UTC