W3C home > Mailing lists > Public > whatwg@whatwg.org > February 2013

Re: [whatwg] Fetch: crossorigin="anonymous" and XMLHttpRequest

From: Kenneth Russell <kbr@google.com>
Date: Tue, 26 Feb 2013 16:02:05 -0800
Message-ID: <CAMYvS2c_54Lq_nLwDKnkLWnPoRFxaQ2LvKE8i_Q=Zi6PLwdCjQ@mail.gmail.com>
To: Adam Barth <w3c@adambarth.com>
Cc: WHATWG <whatwg@whatwg.org>
Are you referring to the crossOrigin attribute on HTMLImageElement and
HTMLMediaElement? Those are implemented in WebKit. It should be fine
to change crossOrigin="anonymous" requests to satisfy (a) and (b). Any
server that satisfies these anonymous requests in a way compatible
with UAs' caching will ignore the incoming origin and the referrer.

-Ken


On Tue, Feb 26, 2013 at 2:52 PM, Adam Barth <w3c@adambarth.com> wrote:
> WebKit hasn't implemented either, so we don't have any implementation
> constraints in this area.
>
> Adam
>
>
> On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
>> There's an unfortunate mismatch currently. new
>> XMLHttpRequest({anon:true}) will generate a request where a) origin is
>> a globally unique identifier b) referrer source is the URL
>> about:blank, and c) credentials are omitted. From those
>> crossorigin="anonymous" only does c. Can we still change
>> crossorigin="anonymous" to match the anonymous flag semantics of
>> XMLHttpRequest or is it too late?
>>
>>
>> --
>> http://annevankesteren.nl/
Received on Wednesday, 27 February 2013 00:02:33 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:09:20 UTC