On 11/28/12 11:03 PM, Boris Zbarsky wrote: >> Inheriting the mode isn't so bad, all it really does is decide whether or >> not to send an Origin header. > > Not quite. It also affects what happens when the server doesn't respond > with an appropriate Allow-Origin. Oh, I see. You've added this "taint" thing, which you're using for the CSS bit. I don't believe Gecko has any such concept. We simply fail the load if the CORS check fails. Furthermore, Gecko's behavior is what the CORS spec requires: failure to respond properly to a cross-origin CORS request must be treated like a network error per CORS. -BorisReceived on Thursday, 29 November 2012 04:11:21 UTC
This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:48 UTC