- From: Daniel Veditz <notifications@github.com>
- Date: Mon, 11 Oct 2021 19:17:24 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 12 October 2021 02:17:36 UTC
> CSS shape fetching is done with CORS, but I'm not sure if that's defined anywhere or just in implementation. It had better be defined somewhere! This otherwise violates the same-origin policy. CSS Shapes Module Level 1 (2014) was pretty specific about using CORS when using images: > User agents must use the potentially CORS-enabled fetch method defined by the [HTML5] specification for all URLs in a shape-outside value. When fetching, user agents must use "Anonymous" mode, set the referrer source to the stylesheet’s URL and set the origin to the URL of the containing document. _(from https://www.w3.org/TR/css-shapes-1/#shape-outside-property)_ Level 2 doesn't mention CORS _anywhere_, not even for the old stuff. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/1324#issuecomment-940596391
Received on Tuesday, 12 October 2021 02:17:36 UTC