On Mon, May 6, 2013 at 1:39 PM, Hallvord Reiar Michaelsen Steen <[email protected]> wrote: > (Could we however fix this in CORS so that the WWW-Authenticate header could > be included in a preflight response where applicable?)
Maybe we should wait for actual complaints about XMLHttpRequest + CORS lacking integrated support for HTTP authentication before complicating the protocol even more with unused garbage. In other words, given that the majority of sites are not using a variant of HTTP authentication at the moment I don't think further enshrining it is worth the cost. -- http://annevankesteren.nl/
