On Thu, 14 Apr 2011 16:17:12 +0200, Leonard Rosenthol <lrosenth@adobe.com> wrote: > Henri wrote: >> In order to maintain the confidentiality properties that browsers now >> provide, we can't allow metadata to be read cross-origin without *some* >> participation of the server that serves the image. >> > > If I can read the image, I should be able to read the metadata. Why > would you need to restrict the metadata access if you don't restrict the > image itself?!? The "image itself" is restricted. Specifically, you can't read out the pixel data of cross-origin images, just like one cannot read text or HTML files from cross-origin resources (without CORS or whatnot). -- Philip Jägenstedt Core Developer Opera SoftwareReceived on Thursday, 14 April 2011 14:36:17 UTC
This archive was generated by hypermail 2.3.1 : Thursday, 29 October 2015 10:16:12 UTC