http://gwt-code-reviews.appspot.com/1879804/diff/1/user/src/com/google/gwt/xhr/client/XMLHttpRequest.java File user/src/com/google/gwt/xhr/client/XMLHttpRequest.java (right):
http://gwt-code-reviews.appspot.com/1879804/diff/1/user/src/com/google/gwt/xhr/client/XMLHttpRequest.java#newcode377 user/src/com/google/gwt/xhr/client/XMLHttpRequest.java:377: if ("withCredentials" in this.xmlHttpRequest) { Is this check really needed? That XHR class is low-level, you're supposed to know what you're doing when using it. Calling setWithCredentials() on a non-cross-origin request is probably a mistake, and I wouldn't really care that it throws in browsers not supporting CORS (e.g. IE up to and including IE9), and if the browser doesn't support CORS and you try to do a cross-origin request, then open() would throw anyway, so it doesn't seem worth it to avoid an exception in setWithCredentials. http://gwt-code-reviews.appspot.com/1879804/ -- http://groups.google.com/group/Google-Web-Toolkit-Contributors