There's no reason to send to be sending credentials to openstreetmaps.
Chrome will refuse to parse the response, and rightfully so. While possibly intentional, this is a great way to bleed credentials cross domain. We may want to review old browser cases to see if we were doing this, because that would be... bad.
FesterCluck
commented
7 years ago
There's no reason to send to be sending credentials to openstreetmaps. Chrome will refuse to parse the response, and rightfully so. While possibly intentional, this is a great way to bleed credentials cross domain. We may want to review old browser cases to see if we were doing this, because that would be... bad.
Please consider this patch as urgent.