Updates:
Status: Upstream
Owner: [email protected]
Cc: [email protected]
Labels: -Area-Misc -FeedbackRequested Area-WebKit mstone2.0
Comment #13 on issue 8935 by [email protected]: Gmail calendar widget
doesn't load
http://code.google.com/p/chromium/issues/detail?id=8935
See the WebKit bug for more information:
https://bugs.webkit.org/show_bug.cgi?id=24957
The Widget requires XHR to be able to set Authorization headers, which are
currently
disallowed by the HTML5 XHR spec.
Relevant section of the spec:
http://www.w3.org/TR/XMLHttpRequest2/#request-metadata
scroll down to the section "When setRequestHeader() is invoked, the user
agent must
follow the following steps (unless otherwise indicated)..."
The spec suggests that having a different header is a workaround with these
limitation, "The above headers are not allowed to be set as they are better
controlled by the user agent as it knows best what value they should have.
Header
names starting with Sec- are not allowed to be set to allow new headers to
be minted
in the future that are guaranteed not to come from XMLHttpRequest. (Older
clients
would however still be vulnerable as they allow such headers to be set.)"
--
You received this message because you are listed in the owner
or CC fields of this issue, or because you starred this issue.
You may adjust your issue notification preferences at:
http://code.google.com/hosting/settings
--~--~---------~--~----~------------~-------~--~----~
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/group/chromium-bugs
-~----------~----~----~----~------~----~------~--~---
