On Wed, 17 Jun 2009 22:43:07 +0200, Mark S. Miller <[email protected]>
wrote:
Doh! Momentary confusion on my part. Thanks for catching this.
FWIW, by default cross-origin XMLHttpRequest will not include cookies or
HTTP authentication data. The withCredentials flag would have to be set
for this and the requested resource would have to specify the
Access-Control-Allow-Credentials header in the response in addition to the
Access-Control-Allow-Origin header.
--
Anne van Kesteren
http://annevankesteren.nl/
