Per the current XHR spec draft, the Authorization header cannot be set
from JavaScript for security reasons.
As far as I know, no shipping browser blocks it - and when we started
blocking it in WebKit, it caused a compatibility problem, https://bugs.webkit.org/show_bug.cgi?id=24957
.
What
On 01.04.2009, at 13:49, Anne van Kesteren wrote:
Consistency with cross-origin requests where they need to be blocked
to prevent distributed dictionary attacks. I actually thought Opera
already blocked this header and the next Firefox release will do so
as well.
According to
All - on March 30 I attended the BONDI Steering Group's f2f meeting
in Cambridge, MA US.
In the interest of aligning our Widgets specs with BONDI, I said the
following regarding my expectations for Widgets spec publication for
the next three months. I made it clear that I spoke solely as a
On Wed, 01 Apr 2009 09:32:34 +0200, Alexey Proskuryakov a...@webkit.org
wrote:
Per the current XHR spec draft, the Authorization header cannot be set
from JavaScript for security reasons.
As far as I know, no shipping browser blocks it - and when we started
blocking it in WebKit, it caused
Below is the draft agenda for the April 2 Widgets Voice Conference (VC).
Inputs and discussion before the meeting on all of the agenda topics
via public-webapps is encouraged (as it can result in a shortened
meeting).
Logistics: *** NOTE TIME CHANGE FOR non-US PARTICIPANTS ***
Time:
Carmelo and I waited for awhile, but ultimately send our regards. Hopefully
we'll be able to meet up with the rest of the group next week.
PS. Doug, please update the editor's draft!