W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] [CORS] WebKit tainting image instead of throwing error

From: Anne van Kesteren <annevk@opera.com>
Date: Tue, 04 Oct 2011 20:44:23 +0200
Message-ID: <op.v2ubn91o64w2qv@cm->
On Tue, 04 Oct 2011 20:32:02 +0200, Ian Hickson <ian at hixie.ch> wrote:
> The idea is that if the server explicitly rejected the CORS request, then
> the image should not be usable at all.

FWIW, from a CORS-perspective both scenarios are fine. CORS only cares  
about whether data gets shared in the end. One advantage I can see about  
<img crossorigin> still displaying the image is that the request does not  
use cookies. Not displaying the image probably makes debugging easier  

Anne van Kesteren
Received on Tuesday, 4 October 2011 11:44:23 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC