I've created a number of JIRAs around CORS (unproxied cross-domain requests) for the DHTML runtime, and will check in a first draft of the functionality in the next days: http://jira.openlaszlo.org/jira/browse/LPP-9922 http://jira.openlaszlo.org/jira/browse/LPP-9897 http://jira.openlaszlo.org/jira/browse/LPP-9897
I will not work on removing proxied dataset support, but on enabling the full functionality of CORS in supported browsers. The use of withCredentials on the XmlHTTPRequest object will require an additional attribute on datasets. https://developer.mozilla.org/En/HTTP_access_control#Requests_with_credentials For CORS requests with credentials, the property xhr.withCredentials has to be set to true - but that shouldn't be the default value. Here are my questions: 1) What should the name of the attribute on the dataset be? 2) What should the value of that attribute be for the SWF10 runtime? Behavior when withCredentials is not set to true, but the server sends a set-cookie response in the headers: The request will not fail, but the cookie will not be set in the browser. One problem is, that Safari's default cookie settings are set to "Accept cookies: Only from sites I visit". That means, even with CORS/withCredentials support, without the user chaning the accept cookies settings to "always", the browser will not accept cookies for CORS requests.
