On Mon, May 19, 2014 at 10:33 AM, youenn fablet <youe...@gmail.com> wrote: > While looking at http://webkit.org/b/126619, a question came to my mind on > user credentials prompting for cross-origin resources. > WebKit allows prompting users for credentials in case of loading > cross-origin resources (except for XHR).
Having just an exception for XMLHttpRequest seems very strange to me. In the normal same-origin case both XMLHttpRequest and <img> prompt, so if CORS is enabled I would expect both not to prompt. (In general we should more closely investigate where we can avoid prompting and just return the 401 as it's a source of very confusing end user UI.) -- http://annevankesteren.nl/ _______________________________________________ webkit-dev mailing list firstname.lastname@example.org https://lists.webkit.org/mailman/listinfo/webkit-dev