On 06/18/2011 01:31 AM, Ian Hickson wrote:
On Fri, 17 Jun 2011, Jonas Sicking wrote:
On Wed, 1 Jun 2011, Jonas Sicking wrote:
We should probably consider adding the ability to specify if you want
the request to happen with or without credentials (and default to the
safe option which is without credentials).
Why?
For the same reasons that we're doing it for XHR and for<img>s.
For EventSource, the vast majority of streams are going to be
user-specific, as far as I can tell, so the default should probably just
be to send credentials.
It is a very strange API inconsistency if XHR defaults to
credentials=false, but EventSource to credentials=true.
-Olli
