On Thu, Sep 13, 2012 at 5:11 PM, <[email protected]> wrote:
> It's still unclear, given that I was creating the Authorization header as per
> RFC 2616 AND the server does not support CORS or advertise CORS but supports
> Basic authentication. I would have expected this to fail given that it would
> allow a distributed password search.

Yeah, cross-origin that should fail. If you include an Authorization header the user agent will make a preflight request and if the server does not reply appropriately you'll get a network error.

-- 
http://annevankesteren.nl/
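
The preflight behaviour described in the reply above, as an added example that is not part of the original message: a simplified JavaScript model of the check a user agent applies before sending a cross-origin request that carries an Authorization header. The function names, the `https://app.example` origin and the response objects are assumptions constructed for illustration; credentials mode and preflight caching are not modelled.

```javascript
// Simplified model of the browser-side CORS preflight decision (added example).
// Not modelled: credentials mode, preflight caching, Content-Type value limits.
const SAFELISTED_HEADERS = new Set(["accept", "accept-language", "content-language", "content-type"]);
const SIMPLE_METHODS = new Set(["GET", "HEAD", "POST"]);

// Author-set header names that force a preflight, lowercased.
function unsafeHeaders(requestHeaders) {
  return Object.keys(requestHeaders)
    .map((h) => h.toLowerCase())
    .filter((h) => !SAFELISTED_HEADERS.has(h));
}

function needsPreflight(method, requestHeaders) {
  return !SIMPLE_METHODS.has(method) || unsafeHeaders(requestHeaders).length > 0;
}

// Split a comma-separated response header value into trimmed tokens.
function tokens(value) {
  return (value || "").split(",").map((t) => t.trim()).filter(Boolean);
}

// preflightResponse: { status, headers } with lowercased header names (constructed input).
function checkPreflight(origin, method, requestHeaders, preflightResponse) {
  if (!needsPreflight(method, requestHeaders)) return { ok: true, reason: "no preflight needed" };
  const { status, headers } = preflightResponse;
  if (status < 200 || status > 299) return { ok: false, reason: "preflight status " + status };
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin !== "*" && allowOrigin !== origin) return { ok: false, reason: "origin not allowed" };
  // Method names are matched case-sensitively; simple methods need no listing.
  const allowedMethods = tokens(headers["access-control-allow-methods"]);
  if (!SIMPLE_METHODS.has(method) && !allowedMethods.includes(method) && !allowedMethods.includes("*"))
    return { ok: false, reason: "method not allowed" };
  const allowedHeaders = tokens(headers["access-control-allow-headers"]).map((h) => h.toLowerCase());
  for (const name of unsafeHeaders(requestHeaders)) {
    // "*" never covers Authorization; it has to be listed by name.
    const viaWildcard = allowedHeaders.includes("*") && name !== "authorization";
    if (!allowedHeaders.includes(name) && !viaWildcard)
      return { ok: false, reason: "header not allowed: " + name };
  }
  return { ok: true, reason: "preflight passed" };
}
```

A server that speaks Basic authentication but emits no CORS headers fails the origin check (or the status check, if it answers the OPTIONS request with 401), so the request carrying the credentials is never sent.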
