Re: Re: Re: [XHR] anonymous flag

> > OK then - Anne and others, what do you think about creating a new tri-state xhr.credentialsPolicy property and discouraging usage of xhr.withCredentials ?
> I think I'd prefer removing the constructor flag and leaving new

> features to the API for Fetch.

Sorry, I don't understand what you meant by this sentence.

Fetch already has the required "underpinnings" for this tri-state flag:

"A request has an associated omit credentials mode, which is one of always, CORS, and never."

which maps exactly to credentialsPolicy:

"omit credentials mode": always == credentialsPolicy: never 
(naming can be discussed, withCredentials='never' would be more intuitive but as we're not redefining withCredentials.. Maybe credentialsPolicy = 'nocredentials' ?)

"omit credentials mode": CORS == credentialsPolicy: 'samedomain'

"omit credentials mode": never == credentialsPolicy: 'always'

So creating a new tri-state property in the XHR spec should also simplify integration with the Fetch spec.

> Also, we still need to nail down the
> details of withCredentials. Questions raised in
> have gone without conclusive answers.

I'm afraid I have no idea what the answers are..

Hallvord R. M. Steen
Core tester, Opera Software

Received on Thursday, 30 May 2013 12:31:28 UTC