Currently, synchronous preflight loading options are the same as the request triggering the preflight.
Created attachment 282547 [details] Patch
(In reply to comment #0) > Currently, synchronous preflight loading options are the same as the request > triggering the preflight. Note that this change should have no real effect as credentials should be disabled when creating the preflight request. Some layout tests actually check that, like LayoutTests/http/tests/xmlhttprequest/access-control-preflight-credential-sync.html
Comment on attachment 282547 [details] Patch View in context: https://bugs.webkit.org/attachment.cgi?id=282547&action=review > Source/WebCore/ChangeLog:8 > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. disable > Source/WebCore/ChangeLog:11 > + No change of behavior as preflight request is expressly set to not use credentials in > + createAccessControlPreflightRequest. Then why make the change?
(In reply to comment #3) > Comment on attachment 282547 [details] > Patch > > View in context: > https://bugs.webkit.org/attachment.cgi?id=282547&action=review > > > Source/WebCore/ChangeLog:8 > > + Like for asynchronous preflighting, synchronous preflighting loading options should disqble any credentials. > > disable > > > Source/WebCore/ChangeLog:11 > > + No change of behavior as preflight request is expressly set to not use credentials in > > + createAccessControlPreflightRequest. > > Then why make the change? Because the code looks wrong with the spec, is inconsistent with the async path and may be broken more easily.
Comment on attachment 282547 [details] Patch True.
Comment on attachment 282547 [details] Patch Clearing flags on attachment: 282547 Committed r202779: <http://trac.webkit.org/changeset/202779>
All reviewed patches have been landed. Closing bug.