- From: Boris Zbarsky <bzbarsky@MIT.EDU>
- Date: Wed, 28 Nov 2012 23:08:29 -0500
- To: Ian Hickson <ian@hixie.ch>
- Cc: whatwg <whatwg@whatwg.org>, Pablo Flouret <pablof@motorola.com>, "Tab Atkins Jr." <jackalmage@gmail.com>, Robert Kieffer <broofa@fb.com>
On 11/28/12 11:03 PM, Boris Zbarsky wrote: >> Inheriting the mode isn't so bad, all it really does is decide whether or >> not to send an Origin header. > > Not quite. It also affects what happens when the server doesn't respond > with an appropriate Allow-Origin. Oh, I see. You've added this "taint" thing, which you're using for the CSS bit. I don't believe Gecko has any such concept. We simply fail the load if the CORS check fails. Furthermore, Gecko's behavior is what the CORS spec requires: failure to respond properly to a cross-origin CORS request must be treated like a network error per CORS. -Boris
Received on Thursday, 29 November 2012 04:11:21 UTC