- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 8 Mar 2013 13:26:37 -0800
- To: Anne van Kesteren <annevk@annevk.nl>
- Cc: WHATWG <whatwg@whatwg.org>
On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> There's an unfortunate mismatch currently. new
> XMLHttpRequest({anon:true}) will generate a request where a) origin is
> a globally unique identifier b) referrer source is the URL
> about:blank, and c) credentials are omitted. From those
> crossorigin="anonymous" only does c. Can we still change
> crossorigin="anonymous" to match the anonymous flag semantics of
> XMLHttpRequest or is it too late?
Why do we want the a) and b) behavior? That's not implemented in the
gecko implementation of XHR({ anon: true }) (which precedes the spec
version, so i'm preemptively putting an end to complaints about us not
following the spec)
/ Jonas
Received on Friday, 8 March 2013 21:27:39 UTC