- From: Glenn Maynard <glenn@zewt.org>
- Date: Thu, 14 Mar 2013 12:05:16 -0500
- To: Robin Berjon <robin@w3.org>
- Cc: WHATWG <whatwg@whatwg.org>
On Thu, Mar 14, 2013 at 11:34 AM, Robin Berjon <robin@w3.org> wrote: > People who don't rely on this will never have their users see the prompts, > so it's hardly harming them. > It harmed me slightly just a couple days ago. I moved a page that makes an XHR request from one server to another. The XHR request on the new server accidentally pointed to an unrelated resource that was password-protected. When I loaded the page, I got a password prompt for a resource I absolutely knew didn't require a password, which, until I figured out what was going on, made me worry that my server had been compromised or that some kind of MITM was taking place. I don't know if it's possible or impossible to change this (probably not, at least for XHR initiated from the UI thread), or if it's worth trying, but weird behavior is always harmful, and XHR causing user prompting is definitely weird. There definitely shouldn't be prompting for anything taking place in a worker. -- Glenn Maynard
Received on Thursday, 14 March 2013 17:05:46 UTC