W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2013

Re: [whatwg] Fetch: crossorigin="anonymous" and XMLHttpRequest

From: Jonas Sicking <jonas@sicking.cc>
Date: Fri, 8 Mar 2013 13:26:37 -0800
Message-ID: <CA+c2ei8yHepe=kNGv08Cx+13BUNru_eEDPbYJJ=5kvwOLd13-w@mail.gmail.com>
To: Anne van Kesteren <annevk@annevk.nl>
Cc: WHATWG <whatwg@whatwg.org>
On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> There's an unfortunate mismatch currently. new
> XMLHttpRequest({anon:true}) will generate a request where a) origin is
> a globally unique identifier b) referrer source is the URL
> about:blank, and c) credentials are omitted. From those
> crossorigin="anonymous" only does c. Can we still change
> crossorigin="anonymous" to match the anonymous flag semantics of
> XMLHttpRequest or is it too late?

Why do we want the a) and b) behavior? That's not implemented in the
gecko implementation of XHR({ anon: true }) (which precedes the spec
version, so i'm preemptively putting an end to complaints about us not
following the spec)

/ Jonas
Received on Friday, 8 March 2013 21:27:39 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:56 UTC