[whatwg] [CORS] WebKit tainting image instead of throwing error

On 10/4/11 2:32 PM, Odin Hørthe Omdal wrote:
> WebKit, on the other hand, only taints the image and loads it anyway,
> breaking the spec.

File a bug on them please?  The idea of CORS is that CORS-using requests 
stop making the harmful distinction between ability to embed and ability 
to read.  That's why CORS had to be opt-in for images.  If WebKit is not 
implementing this properly, they just need to fix their code...

And in particular an <img crossorigin> that's in the DOM and fails the 
CORS checks should not render the image on the page.  Anything else is 
just broken.

-Boris

Received on Tuesday, 4 October 2011 11:50:30 UTC
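
The load decision discussed in this message, modelled as an added example that is not part of the original post and is not browser source code. The function names, outcome strings, URLs and header objects are constructed for illustration; the rules follow the CORS check for `<img crossorigin>` (missing attribute means no CORS, an unrecognised value is treated as anonymous).

```javascript
// Hypothetical model of how an <img> load should resolve.
// Outcomes: "render-readable"  - displayed, canvas read-back allowed
//           "render-tainted"   - displayed, canvas read-back blocked
//           "error-no-render"  - CORS check failed, image must not display
function corsCheckPasses(docOrigin, mode, headers) {
  const acao = headers["access-control-allow-origin"];
  if (mode === "use-credentials") {
    // Credentialed requests need an exact origin match plus the credentials flag.
    return acao === docOrigin &&
           headers["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === docOrigin;
}

// crossorigin: null when the attribute is absent, otherwise its string value.
// headers: response headers keyed by lower-case name (constructed input).
function imageLoadOutcome(docUrl, imgUrl, crossorigin, headers) {
  const docOrigin = new URL(docUrl).origin;
  if (new URL(imgUrl).origin === docOrigin) return "render-readable";
  if (crossorigin === null) return "render-tainted"; // legacy embed, no opt-in
  const mode = crossorigin.toLowerCase() === "use-credentials"
    ? "use-credentials" : "anonymous";
  return corsCheckPasses(docOrigin, mode, headers)
    ? "render-readable" : "error-no-render";
}

// The behaviour reported in the quoted message: a failed check falls back
// to tainting, so embed and read permissions diverge again.
function reportedTaintingOutcome(docUrl, imgUrl, crossorigin, headers) {
  const expected = imageLoadOutcome(docUrl, imgUrl, crossorigin, headers);
  return expected === "error-no-render" ? "render-tainted" : expected;
}

// Constructed sample inputs.
const doc = "https://app.example/page.html";
const img = "https://cdn.example/photo.png";
console.log(imageLoadOutcome(doc, img, null, {}));
console.log(imageLoadOutcome(doc, img, "anonymous", {}));
console.log(reportedTaintingOutcome(doc, img, "anonymous", {}));
```
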