- From: Anne van Kesteren <annevk@opera.com>
- Date: Tue, 11 Oct 2011 12:53:35 +0900
- To: "WebApps WG" <public-webapps@w3.org>
Currently if a resource sharing check fails cookies will still be set for a credentialed request similarly to how they would be with <form> or <img>. However, it seems that HTML defines for <img crossorigin> that the UA must act as if there was no response at all. That does not work of course for the normal <img> case where the server could still opt in to sharing, but would work for XMLHttpRequest. I think I will try to adopt that stricter behavior. Please speak up if you disagree. -- Anne van Kesteren http://annevankesteren.nl/
Received on Tuesday, 11 October 2011 03:54:14 UTC