Hi all,

While looking at http://webkit.org/b/126619, a question came to my mind on user credentials prompting for cross-origin resources. WebKit allows prompting users for credentials in case of loading cross-origin resources (except for XHR).

From my reading of http://fetch.spec.whatwg.org/#http-fetch, user should not be prompted for credentials on cross origin requests. In terms of browser interoperability, a few tests seem to show that WebKit and Mozilla allow prompting users while Chrome does not always.

Different paths could be chosen:

1. Stick with the current behavior
2. Remove user credential prompting for cross-origin requests in places where chances to break web sites are low (video loading? resource loading in case @crossorigin="use-credentials"?)
3. Remove user credential prompting for cross-origin requests.

Any idea on where we should be heading?

Youenn

