On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <ann...@annevk.nl> wrote: > There's an unfortunate mismatch currently. new > XMLHttpRequest({anon:true}) will generate a request where a) origin is > a globally unique identifier b) referrer source is the URL > about:blank, and c) credentials are omitted. From those > crossorigin="anonymous" only does c. Can we still change > crossorigin="anonymous" to match the anonymous flag semantics of > XMLHttpRequest or is it too late?
Why do we want the a) and b) behavior? That's not implemented in the gecko implementation of XHR({ anon: true }) (which precedes the spec version, so i'm preemptively putting an end to complaints about us not following the spec) / Jonas