W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2014

Re: [XHR2] anonymous same-origin requests (alter withCredentials)

From: Hallvord R. M. Steen <hsteen@mozilla.com>
Date: Mon, 17 Feb 2014 02:39:06 -0800 (PST)
To: Rob Wu <rob@robwu.nl>
Cc: public-webapps@w3.org
Message-ID: <972181867.7214077.1392633546839.JavaMail.zimbra@mozilla.com>
> Why is "withCredentials" not supported for same-origin requests?
> Presumably because its default value is false, and changing such behavior would
> break backwards-compatibility?
> If so, I request to allow it to have three values:

Hi Rob,
I already suggested pretty much exactly this in 
http://lists.w3.org/Archives/Public/public-webapps/2013AprJun/0766.html
and follow-up mails like http://lists.w3.org/Archives/Public/public-webapps/2013AprJun/0729.html - apparently, the consensus was that it was too late to redefine withCredentials at that point. Regrettably. Now, if it's a requirement or considered a very good idea for Chrome extension use cases perhaps you can push back against those arguments - a tri-state withCredentials would certainly be my favoured outcome if we can get the implementors onboard and avoid breaking existing content ;-)
-Hallvord
Received on Monday, 17 February 2014 10:39:33 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:22 UTC