On Tue, Jul 29, 2014 at 12:21 AM, Hajime Morrita wrote:
> I think following XHR behavior makes sense because it is well understood as
> it's been there for a long time and both imports and XHR load documents.
I guess. It's also really weird.
--
http://annevankesteren.nl/
I encountered a pre-release site that uses credentials to protect it from
public.
Imports in that site failed to load because the UA didn't send credentials.
The current behavior solved this problem.
There are a couple of options that I didn't take:
- Always send credentials: We clearly shouldn't
On Tue, Jul 22, 2014 at 12:36 AM, Hajime Morrita wrote:
> It behaved like that before. I changed it to current one so that it works
> with credential-protected in-house or staged apps.
You'll need to elaborate a bit, I'm not sure I understand. In any
event, I think XMLHttpRequest's default behavi
It behaved like that before. I changed it to current one so that it works
with credential-protected in-house or staged apps.
On Wed, Jul 16, 2014 at 10:58 PM, Hajime Morrita wrote:
> https://github.com/w3c/webcomponents/commit/90da4809a207916486bc7af83a568f3762e780a0
Does this really make sense though?
We want to include credentials for same-origin fetches, but not
cross-origin? Why not always exclude them in that cas
That's right. Thanks for the catch!
Fixed:
https://github.com/w3c/webcomponents/commit/90da4809a207916486bc7af83a568f3762e780a0
On Tue, Jul 15, 2014 at 10:00 AM, Boris Zbarsky wrote:
> In http://w3c.github.io/webcomponents/spec/imports/#fetching-import the
> spec says:
>
> Fetch a resource fr