On Mon, 08 Jun 2009 23:13:29 +0200, Anne van Kesteren <[email protected]> wrote: > On Mon, 08 Jun 2009 19:24:03 +0200, Tyler Close <[email protected]> > wrote: >> For CORS <http://www.w3.org/TR/access-control/>, and other parts of >> web-apps, I think the above agreement is the important take-away from >> this discussion. For sites with advertising, or other third-party >> widgets, it would be nice to have a way for code to issue network >> requests without impersonating the hosting page's Origin. > > We already have a feature to do a request without credentials. Set the > withCredentials flag to false. (If you meant something else that was not > clear from the context, at least to me.)
Though saying that I realize this is currently a strictly cross-origin feature. I suppose we can change that but having the defaults be different is somewhat awkward. -- Anne van Kesteren http://annevankesteren.nl/
