On Tue, Feb 12, 2013 at 8:00 PM, Anne van Kesteren ann...@annevk.nl wrote:
Hmm I see what you mean. But the user agent can provide the
Authorization header too based on a previous visit. That is the
meaning that is most often meant, but in the particular case of CORS
the semantics are subtly
On Tue, Feb 12, 2013 at 4:24 AM, Monsur Hossain mon...@gmail.com wrote:
The XHR spec defines user credentials as cookies, HTTP authentication,
and client-side SSL certificates. Its not clear to me what HTTP
authentication referring to.
I assumed it was referring to the HTTP authentication in
On Tue, Feb 12, 2013 at 3:37 AM, Anne van Kesteren ann...@annevk.nl wrote:
On Tue, Feb 12, 2013 at 4:24 AM, Monsur Hossain mon...@gmail.com wrote:
The XHR spec defines user credentials as cookies, HTTP authentication,
and client-side SSL certificates. Its not clear to me what HTTP
On Tue, Feb 12, 2013 at 7:30 PM, Monsur Hossain mon...@gmail.com wrote:
On Tue, Feb 12, 2013 at 3:37 AM, Anne van Kesteren ann...@annevk.nl wrote:
User credentials stored by the user agent based on a previous visit to the
URL.
Ok thanks. I think it would be useful if the HTTP authentication
On Tue, Feb 12, 2013 at 1:36 PM, Anne van Kesteren ann...@annevk.nl wrote:
On Tue, Feb 12, 2013 at 7:30 PM, Monsur Hossain mon...@gmail.com wrote:
On Tue, Feb 12, 2013 at 3:37 AM, Anne van Kesteren ann...@annevk.nl
wrote:
User credentials stored by the user agent based on a previous visit
On Tue, Feb 12, 2013 at 7:52 PM, Monsur Hossain mon...@gmail.com wrote:
I think what was confusing to me is that the
Access-Control-Allow-Credentials section of the CORS spec indicates that a
true value indicates that the actual request can include user
credentials.
In the case of cookies,
