On Jul 24, 2012, at 2:58 AM, Adam Barth <aba...@webkit.org> wrote:

> I don't think we should add this property.  Instead we should not ever
> present HTTP auth dialogs for any requests other than the main
> resource for the top-level frame.  Presenting HTTP auth dialogs in
> other contexts is a phishing risk.

I think there are corporate/financial apps that would break if this was policy.

Thanks,
~Brady

> 
> Adam
> 
> 
> On Tue, Jul 24, 2012 at 2:47 AM, xuewen <xuewen.w...@torchmobile.com.cn> wrote:
>> 
>> When we send an XMLHttpRequest to access search engines, or it is sent from
>> chrome extensions, we may or may not want the browser to show the
>> authentication challenge dialog. Should we provide a property to give a
>> choice to users, such as the "webkitBackground"?
>> 
>> Please see the bug https://bugs.webkit.org/show_bug.cgi?id=91964
>> 
>> If we totally disable XHR popping up the challenge dialogs, then how can the
>> user request the resource using XHR from sites across origins that
>> require authentication? Or will this operation be disallowed in the
>> future?
>> 
>> One way is to show a form with JavaScript to ask for the credentials in its
>> "onReadyStatusChange" and resend it by XHR. Is this the reason to totally
>> disable the XHR popping up challenge dialogs?
>> 
>> Sean Wang
> _______________________________________________
> webkit-dev mailing list
> webkit-dev@lists.webkit.org
> http://lists.webkit.org/mailman/listinfo/webkit-dev
