On Wed, Mar 20, 2013 at 2:31 PM, Anne van Kesteren <[email protected]> wrote: > > That said, allowing both anonymous and non-anonymous requests to do > > xhr.setRequestHeader("referer", "") might be a good idea. I.e. being > > able to set it explicitly to the empty string. > > Okay. > > Does anonymous also mean not handling 401 by prompting the user?
I think so yes. > What about 407? The fact that there's a proxy that the user needs to log in to should never be exposed to the platform I would think. Nor should the platform be able to affect how the user interacts with such a proxy. / Jonas
