- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Sat, 13 Jun 2015 08:11:17 +0200
- To: Joel Weinberger <jww@chromium.org>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Fri, Jun 12, 2015 at 7:07 PM, Joel Weinberger <jww@chromium.org> wrote: > I think I understand your point now. If we start silently applying > crossorigin=anonymous now with integrity, it might appear like it's working > in Chrome to a developer, for example, but it might only be working because > CORS is now used, while in an older version of Chrome, it might not be a > CORS request, and thus might fail. Is that an accurate summary? Roughly, in an older version of Chrome, or in fact any browser that does not implement integrity, it won't use CORS and will fail if CORS was used for anything besides integrity. -- https://annevankesteren.nl/
Received on Saturday, 13 June 2015 06:11:41 UTC