On Sat, May 18, 2013 at 1:43 PM, Hallvord Reiar Michaelsen Steen <hallv...@opera.com> wrote: > >> > BTW - have you considered allowing setting withCredentials to "false" for >> > same-origin resources? >> > >> I suspect that would break sites. > > > Possibly, but I find it unlikely - if it's set, it's most likely usually set > to "true", not "false", and it's also most likely rarely set for same-origin > requests. Wonder how hard it would be to ship a test in some beta- or preview > build of some browser..? 8-) > > >> Making a boolean a tri-state with a >> default depending on an external variable is also super confusing. > > > To whom? "Defaults to true for same-origin, false for cross-origin, can be > set to override" seems to give authors a behaviour that's relatively > intuitive. (Authors would not really have to consider the odd tri-state > underpinnings, it still looks like a boolean except with a variable default > behaviour).
It seems confusing to anyone who reads the value. What would it return in the various situations? I.e. before and after .open() has been called, and if .open() was called with a cross-origin URL or not. / Jonas
