On Thu, 14 Feb 2008, John Panzer wrote: > > Right, I'm not talking about Access-Control, I'm talking about general > HTTP auth[nz]. I don't understand the rationale for AC4CSR's policies > with regard to the Authorization: header
The rationale is really as simple as this: browser vendors don't want to enable a distributed user credentials search. -- Ian Hickson U+1047E )\._.,--....,'``. fL http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,. Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
