W3C home > Mailing lists > Public > public-webapps@w3.org > July to September 2014

Re: [imports] credentials flag bits need to be updated to current fetch terminology

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sun, 27 Jul 2014 13:18:25 +0200
Message-ID: <CADnb78hOQVAEVwNtCVY9w2BqLpxGe2+CZH6qdoKnDqbqyLmX6w@mail.gmail.com>
To: Hajime Morrita <morrita@google.com>
Cc: Boris Zbarsky <bzbarsky@mit.edu>, public-webapps <public-webapps@w3.org>
On Tue, Jul 22, 2014 at 12:36 AM, Hajime Morrita <morrita@google.com> wrote:
> It behaved like that before. I changed it to current one so that it works
> with credential-protected in-house or staged apps.

You'll need to elaborate a bit, I'm not sure I understand. In any
event, I think XMLHttpRequest's default behavior of only sending
credentials same-origin is somewhat confusing. If we only offer one
mode for rel=import we should either always include credentials (and
thus require more complicated CORS headers) or never.

Received on Sunday, 27 July 2014 11:18:52 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:14:26 UTC