Re: [SRI] Requiring CORS for SRI

On Thu, May 7, 2015 at 12:05 PM, Wendy Seltzer <wseltzer@w3.org> wrote:
> Can't we do the fetch without authentication?

You already do that, that's what crossorigin=anonymous does. Firewalls
are the problem, as I said so many times now... I recommend that
everyone that does not realize that CORS is required here takes a
crash course in web security. Here's a start:

  https://annevankesteren.nl/2015/02/same-origin-policy


-- 
https://annevankesteren.nl/

Received on Thursday, 7 May 2015 10:12:06 UTC