[Webkit-unassigned] [Bug 45943] CORS: Cross-domain PROPFIND XHR request for servers with authentication does not work in Safari.
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Sep 17 15:26:34 PDT 2010
https://bugs.webkit.org/show_bug.cgi?id=45943
Alexey Proskuryakov <ap at webkit.org> changed:
What |Removed |Added
----------------------------------------------------------------------------
Status|UNCONFIRMED |RESOLVED
Resolution| |INVALID
CC| |ap at webkit.org,
| |fishd at chromium.org
--- Comment #1 from Alexey Proskuryakov <ap at webkit.org> 2010-09-17 15:26:33 PST ---
This sounds like a serious issue in Chrome loading code, CC'ing Darin Fisher.
Users are never supposed to get an authentication dialog for a cross origin XHR - if they did, that would be an extremely confusing UI. So, the spec forbids it, and the users should be already logged in to the remote site in order for authenticated cross origin requests to work. And even then, the requests only work if "withCredentials" attribute is set on XMLHttpRequest object.
Closing as INVALID, since this is not a bug as reported, but this should be filed in Chrome bug tracker.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list