hixie: Fix the usage of CORS with <img> to support redirects and to support an unprompted CORS response. (whatwg r6143)

hixie: Fix the usage of CORS with <img> to support redirects and to
support an unprompted CORS response. (whatwg r6143)

http://dev.w3.org/cvsweb/html5/spec/Overview.html?r1=1.4941&r2=1.4942&f=h
http://html5.org/tools/web-apps-tracker?from=6142&to=6143

===================================================================
RCS file: /sources/public/html5/spec/Overview.html,v
retrieving revision 1.4941
retrieving revision 1.4942
diff -u -d -r1.4941 -r1.4942
--- Overview.html 18 May 2011 01:09:39 -0000 1.4941
+++ Overview.html 20 May 2011 20:13:02 -0000 1.4942
@@ -18553,10 +18553,7 @@
 
     <p>If that is not successful, abort these steps.</p>
 
-    <p>Otherwise, if the <a href="#origin">origin</a> of the resulting
-    <a href="#absolute-url">absolute URL</a> is not the <a href="#same-origin">same origin</a> as
-    the <code><a href="#the-img-element">img</a></code> element's <code><a href="#document">Document</a></code>'s
-    <a href="#origin">origin</a>, and the <code><a href="#the-img-element">img</a></code> element has a <code title="attr-img-cross-origin"><a href="#attr-img-cross-origin">cross-origin</a></code> attribute, then
+    <p>Otherwise, if the <code><a href="#the-img-element">img</a></code> element has a <code title="attr-img-cross-origin"><a href="#attr-img-cross-origin">cross-origin</a></code> attribute, then
     perform a <a href="#cross-origin-request">cross-origin request</a>, with the <i>request
     URL</i> set to the resulting <a href="#absolute-url">absolute URL</a>, the
     <i>source origin</i> set to the <a href="#origin">origin</a> of the
@@ -18564,14 +18561,18 @@
     <i>credentials flag</i> set unless the <code title="attr-img-cross-origin"><a href="#attr-img-cross-origin">cross-origin</a></code> attribute is in
     the <a href="#attr-cross-origin-anonymous" title="attr-cross-origin-anonymous">Anonymous</a>
     state. Discard any data fetched in this way unless the
-    <a href="#cross-origin-request-status">cross-origin request status</a> is set to <i>success</i>.
-    If the <a href="#cross-origin-request-status">cross-origin request status</a> is set to
-    <i>success</i>, then the element's image data's
-    <a href="#origin">origin</a> is forced to be the <code><a href="#the-img-element">img</a></code> element's
-    <code><a href="#document">Document</a></code>'s <a href="#origin">origin</a>. <a href="#refsCORS">[CORS]</a></p> 
-
+    <a href="#cross-origin-request-status">cross-origin request status</a> is set to <i>success</i>
+    by the <a href="#cross-origin-request">cross-origin request</a> algorithm. If the
+    <a href="#cross-origin-request-status">cross-origin request status</a> is set to <i>success</i>,
+    then the element's image data's <a href="#origin">origin</a> is <a href="#concept-origin-forced-img" title="concept-origin-forced-img">forced</a> to be the
+    <code><a href="#the-img-element">img</a></code> element's <code><a href="#document">Document</a></code>'s
+    <a href="#origin">origin</a>. <a href="#refsCORS">[CORS]</a></p> 
     <p>Otherwise, <a href="#fetch">fetch</a> the resulting <a href="#absolute-url">absolute
-    URL</a>.</p> 
+    URL</a>. If the returned resource has an <code title="http-Access-Control-Allow-Origin">Access-Control-Allow-Origin</code>
+    response header, and its value is the literal "<code title="">*</code>" character, then the element's image data's
+    <a href="#origin">origin</a> is <a href="#concept-origin-forced-img" title="concept-origin-forced-img">forced</a> to be the
+    <code><a href="#the-img-element">img</a></code> element's <code><a href="#document">Document</a></code>'s
+    <a href="#origin">origin</a>.</p> 
 
     <p>The resouce obtained in this fashion is the <code><a href="#the-img-element">img</a></code>
     element's image data.</p>
@@ -44066,11 +44067,10 @@
    <dd>
 
     <dl class="switch"><dt>If an image is the image of an <code><a href="#the-img-element">img</a></code> element and
-     its image data has a forced origin</dt>
+     its image data has a <a href="#concept-origin-forced-img" title="concept-origin-forced-img">forced origin</a></dt>
 
-     <dd>The <a href="#origin">origin</a> is the image data's forced origin.
-     (This occurs when the image was successfully obtained using
-     CORS.)</dd>
+     <dd>The <a href="#origin">origin</a> is the image data's <dfn id="concept-origin-forced-img" title="concept-origin-forced-img">forced origin</dfn>. (This
+     occurs when the image was successfully obtained using CORS.)</dd>
 
 
      <dt>If an image was served over the network and has an address

Received on Friday, 20 May 2011 20:15:23 UTC