[webkit-dev] Do we need a "webkitBackground" property for XMLHttpRequest?

Adam Barth abarth at webkit.org
Tue Jul 24 09:58:41 PDT 2012

On Tue, Jul 24, 2012 at 9:28 AM, xuewen.wang
<xuewen.wang at torchmobile.com.cn> wrote:
> Do you know why the chromium has not cancel auth dialog for XHR? Is this
> the main reason?

The network stack folks did a round of removing auth dialogs for
subresources a while back.  I'm not sure why they didn't remove the
dialog from XHR.  It's possible they ran into compat trouble or that
it was an oversight.


> On 07/24/2012 11:52 PM, Brady Eidson wrote:
>> On Jul 24, 2012, at 2:58 AM, Adam Barth <abarth at webkit.org> wrote:
>>> I don't think we should add this property.  Instead we should not ever
>>> present HTTP auth dialogs for any requests other than the main
>>> resource for the top-level frame.  Presenting HTTP auth dialogs in
>>> other contexts is a phishing risk.
>> I think there are corporate/financial apps that would break if this was policy.
>> Thanks,
>> ~Brady
>>> Adam
>>> On Tue, Jul 24, 2012 at 2:47 AM, xuewen <xuewen.wang at torchmobile.com.cn> wrote:
>>>> When we send XMLHttpRequest  to access search engines or it is sent from
>>>> chrome extensions,  we may do/don't want the browser to show the
>>>> authentication challenge dialog. Should we provide a property to give a
>>>> choice to users such as the "webkitBackground"?
>>>> Please see the bug https://bugs.webkit.org/show_bug.cgi?id=91964
>>>> If we totally disable XHR popping up the challenge dialogs, then how can the
>>>> user request the resource using XHR from the sites across origins and
>>>> requiring authentications? Or will this operation be disallowed in the
>>>> future?
>>>> One way is to show a form by javascript to ask for the credentials in its
>>>> "onReadyStatusChange" and resend it by XHR. Is this the reason to totally
>>>> disable the XHR popping up challenge dialogs?
>>>> Sean Wang
>>> _______________________________________________
>>> webkit-dev mailing list
>>> webkit-dev at lists.webkit.org
>>> http://lists.webkit.org/mailman/listinfo/webkit-dev
>> .

More information about the webkit-dev mailing list