>> If OAuth ever gets to the point where it replaces Basic auth in the browser, >> or used instead of other cookie-based authentication systems, it will gain >> native browser support which will use the header exclusively. Until then, JS >> code cannot make OAuth requests without other ways to send the token. >>
> As far as I know, JavaScript code can set headers, incl. Authorization > Headers, using the operation setRequestHeaders of the XMLHttpRequest > Object XMLHttpRequest is limited to the same domain (example.com can make calls to example.com). When making cross domain requests (example.com requesting data from facebook.com), different techniques must be used. Many of those techniques (such as JSONP) are restricted to just modifying the URL, and cannot set headers or use POST. _______________________________________________ OAuth mailing list [email protected] https://www.ietf.org/mailman/listinfo/oauth
