- From: <bugzilla@jessica.w3.org>
- Date: Tue, 08 May 2012 12:47:46 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=16841
Odin Hørthe Omdal <odinho@opera.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |odinho@opera.com
--- Comment #5 from Odin Hørthe Omdal <odinho@opera.com> 2012-05-08 12:47:45 UTC ---
Hmm. What are you more specifically asking about? The user agent always sends a
Origin-header if it's doing a CORS-enabled fetch.
http://dev.w3.org/html5/spec/urls.html#cors-enabled-fetch
So e.g. <img src=cross> will always show you the picture, but it'll be tainted
because that's the default - AFAIK it won't send a origin-header because you
it's mode is "No CORS".
<img src=cross crossorigin>, however, will take a different branch and do a
real cross-fetch (either success or fail).
<img src=same crossorigin> will go into the first branch, but will restart the
algorithm if it's redirected to cross.
So all real cross-domain uses should be sending an Origin-header, AFAICS.
--
Configure bugmail: https://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Tuesday, 8 May 2012 12:48:09 UTC