Re: [whatwg/fetch] Take tainted origin flag into account for the same origin check (#834) from Anne van Kesteren on 2018-11-19 (public-webapps-github@w3.org from November 2018)

From: Anne van Kesteren <notifications@github.com>
Date: Mon, 19 Nov 2018 02:04:13 -0800
To: whatwg/fetch <fetch@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <whatwg/fetch/pull/834/c439837919@github.com>

My thinking was that for `<img>` A -> B -> A (without CORS) results in a "same origin" image that can be read through `<canvas>`. HTML would have to poke through the opaque response filter Fetch adds to enable that. (However, given https://github.com/whatwg/fetch/issues/737#issuecomment-439592046 we might be able to change things around here if we wanted.)

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/pull/834#issuecomment-439837919

Received on Monday, 19 November 2018 10:04:34 UTC