[cors] what's an example a simple request with credentials?
I am failing to come up with a sequence of calls to XMLHttpRequest that will trigger credential processing while remaining a simple request. Explicit credentials passed to open() are prohibited for all cross-origin requests, and url-embedded credentials seem to trigger the same prohibition. An Authorization header is non-simple. Certificates would be rather gigantically difficult in the testing environment I'm working with. There's talk of cookies, but those would also make the request non-simple, wouldn't they?
Re: [cors] what's an example a simple request with credentials?
On Fri, Dec 23, 2011 at 11:03 AM, Benson Margulies bimargul...@gmail.comwrote: I am failing to come up with a sequence of calls to XMLHttpRequest that will trigger credential processing while remaining a simple request. Explicit credentials passed to open() are prohibited for all cross-origin requests, Have you set withCredentials = true; ? and url-embedded credentials seem to trigger the same prohibition. An Authorization header is non-simple. Certificates would be rather gigantically difficult in the testing environment I'm working with. There's talk of cookies, but those would also make the request non-simple, wouldn't they? -- *Sencha* Jarred Nicholls, Senior Software Architect @jarrednicholls http://twitter.com/jarrednicholls
Re: [cors] what's an example a simple request with credentials?
On Fri, Dec 23, 2011 at 11:13 AM, Jarred Nicholls jar...@sencha.com wrote: On Fri, Dec 23, 2011 at 11:03 AM, Benson Margulies bimargul...@gmail.com wrote: I am failing to come up with a sequence of calls to XMLHttpRequest that will trigger credential processing while remaining a simple request. Explicit credentials passed to open() are prohibited for all cross-origin requests, Have you set withCredentials = true; ? Yes, but don't I actually have to have some credentials as well? I thought i tested this, but I may not have, so I'll go test it again. and url-embedded credentials seem to trigger the same prohibition. An Authorization header is non-simple. Certificates would be rather gigantically difficult in the testing environment I'm working with. There's talk of cookies, but those would also make the request non-simple, wouldn't they? -- Sencha Jarred Nicholls, Senior Software Architect @jarrednicholls
