W3C home > Mailing lists > Public > whatwg@whatwg.org > October 2011

[whatwg] [CORS] WebKit tainting image instead of throwing error

From: Ian Hickson <ian@hixie.ch>
Date: Tue, 4 Oct 2011 19:12:35 +0000 (UTC)
Message-ID: <Pine.LNX.4.64.1110041911370.20981@ps20323.dreamhostps.com>
On Tue, 4 Oct 2011, Kenneth Russell wrote:
> 
> As far as I can tell the tainting behavior WebKit implements is correct, 
> and is specified by the text in 
> http://www.whatwg.org/specs/web-apps/current-work/multipage/embedded-content-1.html#the-img-element 
> . Scroll down to step 6 in the algorithm for "When the user agent is to 
> update the image data...". Note that the "default origin behaviour" is 
> set to "taint" when fetching images.

If you do a CORS-enabled fetch, you never get that far. If the CORS check 
fails, the browser is required to act as if a network error occurred.

http://www.whatwg.org/specs/web-apps/current-work/#potentially-cors-enabled-fetch

-- 
Ian Hickson               U+1047E                )\._.,--....,'``.    fL
http://ln.hixie.ch/       U+263A                /,   _.. \   _\  ;`._ ,.
Things that are impossible just take longer.   `._.-(,_..'--(,_..'`-.;.'
Received on Tuesday, 4 October 2011 12:12:35 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:37 UTC