Re: [whatwg/fetch] CORB: blocking of nosniff and 206 responses (#686)

annevk commented on this pull request.



> +<a>XML MIME type</a> excluding <code>image/svg+xml</code>.
+
+<p class="note no-backref">Accessing cross-origin resources with <a>CORB-protected MIME types</a> is
+managed by the <a>CORS protocol</a> (e.g., in case of <a><code>fetch()</code></a> or
+{{XMLHttpRequest}}), not observable (e.g., in case of pings or CSP reports which ignore the
+response), or would result in an error (e.g., when failing to decode an HTML document embedded in an
+<code>img</code> tag as an image). This means that CORB can block <a>CORB-protected MIME types</a>
+resources without being disruptive to web pages.
+
+<p>To perform a <dfn noexport>CORB check</dfn>, given a <var>request</var> and <var>response</var>,
+run these steps:</p>
+
+<ol>
+ <li><p>If <var>request</var>'s <a for=request>initiator</a> is "<code>download</code>", then return
+ <b>allowed</b>.
+ <!-- XXX If we recast downloading as navigation this step can be removed. -->
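
Review bot: In the note's last sentence, "CORB can block <a>CORB-protected MIME types</a> resources" renders as "CORB-protected MIME types resources", which does not parse. Consider "can block resources with <a>CORB-protected MIME types</a>", which matches the wording of the note's opening sentence. The note's <p class="note no-backref"> is also left without a closing tag in these lines, while the "To perform a CORB check" paragraph right after it ends with </p>; using one style for both would be cleaner. In step 1, the XXX comment about recasting downloading as navigation would be easier to follow up on if it pointed to a tracking issue.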

That seems fine.

https://github.com/whatwg/fetch/pull/686#discussion_r186502340

Received on Monday, 7 May 2018 18:10:21 UTC