- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 7 May 2015 12:11:41 +0200
- To: Wendy Seltzer <wseltzer@w3.org>
- Cc: Frederik Braun <fbraun@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On Thu, May 7, 2015 at 12:05 PM, Wendy Seltzer <wseltzer@w3.org> wrote: > Can't we do the fetch without authentication? You already do that, that's what crossorigin=anonymous does. Firewalls are the problem, as I said so many times now... I recommend that everyone that does not realize that CORS is required here takes a crash course in web security. Here's a start: https://annevankesteren.nl/2015/02/same-origin-policy -- https://annevankesteren.nl/
Received on Thursday, 7 May 2015 10:12:06 UTC