> > BTW - have you considered allowing setting withCredentials to "false" for > > same-origin resources? >
> I suspect that would break sites. Possibly, but I find it unlikely - if it's set, it's most likely usually set to "true", not "false", and it's also most likely rarely set for same-origin requests. Wonder how hard it would be to ship a test in some beta- or preview build of some browser..? 8-) > Making a boolean a tri-state with a > default depending on an external variable is also super confusing. To whom? "Defaults to true for same-origin, false for cross-origin, can be set to override" seems to give authors a behaviour that's relatively intuitive. (Authors would not really have to consider the odd tri-state underpinnings, it still looks like a boolean except with a variable default behaviour). It might be weird and confusing to implement though.. -- Hallvord R. M. Steen Core tester, Opera Software
