On Tue, Feb 12, 2013 at 8:00 PM, Anne van Kesteren wrote:
> Hmm I see what you mean. But the user agent can provide the
> Authorization header too based on a previous visit. That is the
> meaning that is most often meant, but in the particular case of CORS
> the semantics are subtly different. Not
On Tue, Feb 12, 2013 at 7:52 PM, Monsur Hossain wrote:
> I think what was confusing to me is that the
> Access-Control-Allow-Credentials section of the CORS spec indicates that a
> "true" value "indicates that the actual request can include user
> credentials."
>
> In the case of cookies, both the
On Tue, Feb 12, 2013 at 1:36 PM, Anne van Kesteren wrote:
> On Tue, Feb 12, 2013 at 7:30 PM, Monsur Hossain wrote:
> > On Tue, Feb 12, 2013 at 3:37 AM, Anne van Kesteren
> wrote:
> >> User credentials stored by the user agent based on a previous visit to
> the
> >> URL.
> >
> > Ok thanks. I thi
On Tue, Feb 12, 2013 at 7:30 PM, Monsur Hossain wrote:
> On Tue, Feb 12, 2013 at 3:37 AM, Anne van Kesteren wrote:
>> User credentials stored by the user agent based on a previous visit to the
>> URL.
>
> Ok thanks. I think it would be useful if the "HTTP authentication" in the
> above sentence s
On Tue, Feb 12, 2013 at 3:37 AM, Anne van Kesteren wrote:
> On Tue, Feb 12, 2013 at 4:24 AM, Monsur Hossain wrote:
> > The XHR spec defines "user credentials" as "cookies, HTTP authentication,
> > and client-side SSL certificates". Its not clear to me what "HTTP
> > authentication" referring to.
On Tue, Feb 12, 2013 at 4:24 AM, Monsur Hossain wrote:
> The XHR spec defines "user credentials" as "cookies, HTTP authentication,
> and client-side SSL certificates". Its not clear to me what "HTTP
> authentication" referring to.
>
> I assumed it was referring to the HTTP authentication in RFC 26