W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2013

[whatwg] Fetch: cross-origin redirect to a data URL

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sun, 24 Feb 2013 18:32:56 +0000
Message-ID: <CADnb78hZqcvdazTLzTAFGWZUHviucnZ4O648vk7eT0nO2Fz7SA@mail.gmail.com>
To: WHATWG <whatwg@whatwg.org>
Say <img> does a cross-origin request. The response to that request is
a redirect with the appropriate CORS headers set. The new location is
a data URL. Should that URL be tainted or not? I tend to think we
should make that work.

(By the way, if you're interested. I'm working on a new specification
that merges HTML fetch and CORS, named Fetch.
http://wiki.whatwg.org/wiki/Fetch has the rough outline so far,
including an algorithm at the bottom. The idea is that everything in
the platform that does network requests ties into that (in particular
the fetch function which dispatches as appropriate).)

Received on Sunday, 24 February 2013 18:33:25 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:20 UTC