W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2012

Re: [whatwg] Adding crossorigin="" to more elements

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 28 Nov 2012 23:08:29 -0500
Message-ID: <50B6DFBD.9070301@mit.edu>
To: Ian Hickson <ian@hixie.ch>
Cc: whatwg <whatwg@whatwg.org>, Pablo Flouret <pablof@motorola.com>, "Tab Atkins Jr." <jackalmage@gmail.com>, Robert Kieffer <broofa@fb.com> 
On 11/28/12 11:03 PM, Boris Zbarsky wrote:
>> Inheriting the mode isn't so bad, all it really does is decide whether or
>> not to send an Origin header.
>
> Not quite.  It also affects what happens when the server doesn't respond
> with an appropriate Allow-Origin.

Oh, I see.  You've added this "taint" thing, which you're using for the 
CSS bit.

I don't believe Gecko has any such concept.  We simply fail the load if 
the CORS check fails.  Furthermore, Gecko's behavior is what the CORS 
spec requires: failure to respond properly to a cross-origin CORS 
request must be treated like a network error per CORS.

-Boris
Received on Thursday, 29 November 2012 04:11:21 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:48 UTC