Ian Hickson wrote:
Which could be accomplished by banning Authorization: Basic and Authorization: Digest only.On Thu, 14 Feb 2008, John Panzer wrote:Right, I'm not talking about Access-Control, I'm talking about general HTTP auth[nz]. I don't understand the rationale for AC4CSR's policies with regard to the Authorization: headerThe rationale is really as simple as this: browser vendors don't want to enable a distributed user credentials search.
