On Wed, May 8, 2013 at 5:07 AM, Hallvord Reiar Michaelsen Steen <[email protected]> wrote:
> If I create an anonymous XHR request, rig it to GET a same-origin resource and
> set a custom header, it will trigger a preflight and the same-origin resource
> will have to opt in to receiving that custom header? Expected?

Yes. It was added to address: http://www.w3.org/TR/UMP/

However, Gecko currently implements a mozAnon thingie that only omits credentials and does not do the origin/referrer source nullifying. It also hasn't gained any traction beyond that with implementers so maybe it should be removed for now. Dunno.

--
http://annevankesteren.nl/
