Adam: Do you know why the chromium has not cancel auth dialog for XHR? Is this the main reason? Sean Wang On 07/24/2012 11:52 PM, Brady Eidson wrote: > On Jul 24, 2012, at 2:58 AM, Adam Barth <aba...@webkit.org> wrote: > >> I don't think we should add this property. Instead we should not ever >> present HTTP auth dialogs for any requests other than the main >> resource for the top-level frame. Presenting HTTP auth dialogs in >> other contexts is a phishing risk. > I think there are corporate/financial apps that would break if this was > policy. > > Thanks, > ~Brady > >> Adam >> >> >> On Tue, Jul 24, 2012 at 2:47 AM, xuewen <xuewen.w...@torchmobile.com.cn> >> wrote: >>> When we send XMLHttpRequest to access search engines or it is sent from >>> chrome extensions, we may do/don't want the browser to show the >>> authentication challenge dialog. Should we provide a property to give a >>> choice to users such as the "webkitBackground"? >>> >>> Please see the bug https://bugs.webkit.org/show_bug.cgi?id=91964 >>> >>> If we totally disable XHR popping up the challenge dialogs, then how can the >>> user request the resource using XHR from the sites across origins and >>> requiring authentications? Or will this operation be disallowed in the >>> future? >>> >>> One way is to show a form by javascript to ask for the credentials in its >>> "onReadyStatusChange" and resend it by XHR. Is this the reason to totally >>> disable the XHR popping up challenge dialogs? >>> >>> Sean Wang >> _______________________________________________ >> webkit-dev mailing list >> webkit-dev@lists.webkit.org >> http://lists.webkit.org/mailman/listinfo/webkit-dev > . >
_______________________________________________ webkit-dev mailing list webkit-dev@lists.webkit.org http://lists.webkit.org/mailman/listinfo/webkit-dev