- From: Rob Wu <rob@robwu.nl>
- Date: Sun, 16 Feb 2014 20:09:01 +0100
- To: public-webapps@w3.org
There used to be an "anon" flag that allows users to make "anonymous" requests. 4 months ago, it was dropped [1] (lack of followers? [2], [3]) Why is "withCredentials" not supported for same-origin requests? Presumably because its default value is false, and changing such behavior would break backwards-compatibility? If so, I request to allow it to have three values: - null (default, semantics of current "false" for backwards-compatibility) - false (new meaning: do NOT add cookies) - true ( note that I interpret "same origin request" as "CORS-free request", because Chrome extensions can make cross-origin requests without CORS when it specifies the host permissions in a manifest file. However, due to the lack of support for "anonymous" requests, there is an unsurmountable privacy issue (see [4]), which I want to fix ). Thoughts? -- https://robwu.nl [1]: https://github.com/whatwg/xhr/commit/7c4b8cb0 [2]: http://lists.whatwg.org/htdig.cgi/whatwg-whatwg.org/2013-March/039104.html). [3]: http://crbug.com/113920 [4]: http://crbug.com/48118
Received on Monday, 17 February 2014 09:30:18 UTC