[webkit-dev] Do we need a "webkitBackground" property for XMLHttpRequest?
abarth at webkit.org
Tue Jul 24 09:58:41 PDT 2012
On Tue, Jul 24, 2012 at 9:28 AM, xuewen.wang
<xuewen.wang at torchmobile.com.cn> wrote:
> Do you know why the chromium has not cancel auth dialog for XHR? Is this
> the main reason?
The network stack folks did a round of removing auth dialogs for
subresources a while back. I'm not sure why they didn't remove the
dialog from XHR. It's possible they ran into compat trouble or that
it was an oversight.
> On 07/24/2012 11:52 PM, Brady Eidson wrote:
>> On Jul 24, 2012, at 2:58 AM, Adam Barth <abarth at webkit.org> wrote:
>>> I don't think we should add this property. Instead we should not ever
>>> present HTTP auth dialogs for any requests other than the main
>>> resource for the top-level frame. Presenting HTTP auth dialogs in
>>> other contexts is a phishing risk.
>> I think there are corporate/financial apps that would break if this was policy.
>>> On Tue, Jul 24, 2012 at 2:47 AM, xuewen <xuewen.wang at torchmobile.com.cn> wrote:
>>>> When we send XMLHttpRequest to access search engines or it is sent from
>>>> chrome extensions, we may do/don't want the browser to show the
>>>> authentication challenge dialog. Should we provide a property to give a
>>>> choice to users such as the "webkitBackground"?
>>>> Please see the bug https://bugs.webkit.org/show_bug.cgi?id=91964
>>>> If we totally disable XHR popping up the challenge dialogs, then how can the
>>>> user request the resource using XHR from the sites across origins and
>>>> requiring authentications? Or will this operation be disallowed in the
>>>> "onReadyStatusChange" and resend it by XHR. Is this the reason to totally
>>>> disable the XHR popping up challenge dialogs?
>>>> Sean Wang
>>> webkit-dev mailing list
>>> webkit-dev at lists.webkit.org
More information about the webkit-dev