I don't think we should add this property. Instead we should not ever present HTTP auth dialogs for any requests other than the main resource for the top-level frame. Presenting HTTP auth dialogs in other contexts is a phishing risk.
Adam On Tue, Jul 24, 2012 at 2:47 AM, xuewen <[email protected]> wrote: > > When we send XMLHttpRequest to access search engines or it is sent from > chrome extensions, we may do/don't want the browser to show the > authentication challenge dialog. Should we provide a property to give a > choice to users such as the "webkitBackground"? > > Please see the bug https://bugs.webkit.org/show_bug.cgi?id=91964 > > If we totally disable XHR popping up the challenge dialogs, then how can the > user request the resource using XHR from the sites across origins and > requiring authentications? Or will this operation be disallowed in the > future? > > One way is to show a form by javascript to ask for the credentials in its > "onReadyStatusChange" and resend it by XHR. Is this the reason to totally > disable the XHR popping up challenge dialogs? > > Sean Wang _______________________________________________ webkit-dev mailing list [email protected] http://lists.webkit.org/mailman/listinfo/webkit-dev
