W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2013

Re: Re: Re: Fetch: HTTP authentication and CORS

From: Anne van Kesteren <annevk@annevk.nl>
Date: Mon, 6 May 2013 15:59:07 -0700
Message-ID: <CADnb78i=3hzPDvisbKhyUUfzYzOcTK=B42tB1hU-fRX2BONGBQ@mail.gmail.com>
To: Hallvord Reiar Michaelsen Steen <hallvord@opera.com>
Cc: Jonas Sicking <jonas@sicking.cc>, WebAppSec WG <public-webappsec@w3.org>, WebApps WG <public-webapps@w3.org>
On Mon, May 6, 2013 at 1:39 PM, Hallvord Reiar Michaelsen Steen
<hallvord@opera.com> wrote:
> (Could we however fix this in CORS so that the WWW-Authenticate header could be included in a preflight response where applicable?)

Maybe we should wait for actual complaints about XMLHttpRequest + CORS
lacking integrated support for HTTP authentication before complicating
the protocol even more with unused garbage. In other words, given that
the majority of sites are not using a variant of HTTP authentication
at the moment I don't think further enshrining it is worth the cost.

Received on Monday, 6 May 2013 22:59:34 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:01 UTC