Am 12.04.2010 21:00, schrieb Luke Shepard:
If OAuth ever gets to the point where it replaces Basic auth in the browser,
or used instead of other cookie-based authentication systems, it will gain
native browser support which will use the header exclusively. Until then, JS
code cannot make OAuth requests without other ways to send the token.
As far as I know, JavaScript code can set headers, incl. Authorization
Headers, using the operation setRequestHeaders of the XMLHttpRequest
Object
XMLHttpRequest is limited to the same domain (example.com can make calls to
example.com). When making cross domain requests (example.com requesting data
from facebook.com), different techniques must be used. Many of those techniques
(such as JSONP) are restricted to just modifying the URL, and cannot set
headers or use POST.
I thought "HTTP Origin Headers"
(http://www.petefreitag.com/item/702.cfm) would eliminate that restriction?
regards,
Torsten.
_______________________________________________
OAuth mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/oauth
