[whatwg] Fetch: crossorigin="anonymous" and XMLHttpRequest
Jonas Sicking
jonas at sicking.cc
Fri Mar 8 13:26:37 PST 2013
On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <annevk at annevk.nl> wrote:
> There's an unfortunate mismatch currently. new
> XMLHttpRequest({anon:true}) will generate a request where a) origin is
> a globally unique identifier b) referrer source is the URL
> about:blank, and c) credentials are omitted. From those
> crossorigin="anonymous" only does c. Can we still change
> crossorigin="anonymous" to match the anonymous flag semantics of
> XMLHttpRequest or is it too late?
Why do we want the a) and b) behavior? That's not implemented in the
gecko implementation of XHR({ anon: true }) (which precedes the spec
version, so i'm preemptively putting an end to complaints about us not
following the spec)
/ Jonas
More information about the whatwg
mailing list