[whatwg] Fetch: HTTP Authentication

Robin Berjon robin at w3.org
Thu Mar 14 10:02:54 PDT 2013

On 14/03/2013 16:57 , Anne van Kesteren wrote:
> On Thu, Mar 14, 2013 at 4:34 PM, Robin Berjon <robin at w3.org> wrote:
>> People who *do* rely on this (assuming they exist — in this case they
>> probably do somewhere) will find their services broken if we change it. So
>> on the face of things, I get the impression that there's zero cost in
>> keeping things the way they are, and risk in changing them.
> Sure, I meant for new contexts and maybe some existing contexts, such
> as workers.

Oh, yes, agreed — for anything new this is madness. And I doubt anything 
recent relies on it, either.

> Also, for shared workers it's not entirely clear which
> browsing context you'd prompt in if an importScript() or same-origin
> XMLHttpRequest happened.

I think that's definitely a bug.

>> I think that the lack of interoperability, and the complete inanity of
>> prompting in browsers where it happens, is more problematic in the case of
>> unsafe redirects.
> There should simply be no prompting there, it makes no sense.

It's not just madness, it's different madness everywhere :)

Robin Berjon - http://berjon.com/ - @robinberjon

More information about the whatwg mailing list