[whatwg] Fetch: cross-origin redirect to a data URL

Say <img> does a cross-origin request. The response to that request is
a redirect with the appropriate CORS headers set. The new location is
a data URL. Should that URL be tainted or not? I tend to think we
should make that work.

(By the way, if you're interested. I'm working on a new specification
that merges HTML fetch and CORS, named Fetch.
http://wiki.whatwg.org/wiki/Fetch has the rough outline so far,
including an algorithm at the bottom. The idea is that everything in
the platform that does network requests ties into that (in particular
the fetch function which dispatches as appropriate).)


-- 
http://annevankesteren.nl/

Received on Sunday, 24 February 2013 18:33:25 UTC