- From: Philip Jägenstedt <philipj@opera.com>
- Date: Thu, 14 Apr 2011 16:35:47 +0200
- To: public-html@w3.org
On Thu, 14 Apr 2011 16:17:12 +0200, Leonard Rosenthol <lrosenth@adobe.com> wrote: > Henri wrote: >> In order to maintain the confidentiality properties that browsers now >> provide, we can't allow metadata to be read cross-origin without *some* >> participation of the server that serves the image. >> > > If I can read the image, I should be able to read the metadata. Why > would you need to restrict the metadata access if you don't restrict the > image itself?!? The "image itself" is restricted. Specifically, you can't read out the pixel data of cross-origin images, just like one cannot read text or HTML files from cross-origin resources (without CORS or whatnot). -- Philip Jägenstedt Core Developer Opera Software
Received on Thursday, 14 April 2011 14:36:17 UTC