That is correct. Thanks Bin
From: Paul Libbrecht [mailto:[email protected]] Sent: Wednesday, May 08, 2013 1:14 PM To: HU, BIN Cc: Hallvord Reiar Michaelsen Steen; Jonas Sicking; Anne van Kesteren; WebApps WG; WebAppSec WG Subject: Re: Fetch: HTTP authentication and CORS On 7 mai 2013, at 02:23, HU, BIN wrote: Because "nonce" is needed to generate the appropriate digest, the 401 challenge is required. So the lesson here is: any developer that intends to use authenticated XHR should always start with an XHR that is a simple ping-like GET, then do the real things. Right? Paul
