[html5] r6143 - [giow] (0) Fix the usage of CORS with <img> to support redirects and to support [...]
whatwg at whatwg.org
whatwg at whatwg.org
Fri May 20 13:12:54 PDT 2011
Author: ianh
Date: 2011-05-20 13:12:52 -0700 (Fri, 20 May 2011)
New Revision: 6143
Modified:
complete.html
index
source
Log:
[giow] (0) Fix the usage of CORS with <img> to support redirects and to support an unprompted CORS response.
Modified: complete.html
===================================================================
--- complete.html 2011-05-18 01:09:32 UTC (rev 6142)
+++ complete.html 2011-05-20 20:12:52 UTC (rev 6143)
@@ -239,7 +239,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1>Web Applications 1.0</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 18 May 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 20 May 2011</h2>
</hgroup><dl><dt>Multiple-page version:</dt>
<dd><a href=http://www.whatwg.org/specs/web-apps/current-work/complete/>http://www.whatwg.org/specs/web-apps/current-work/complete/</a></dd>
<dt>One-page version:</dt>
@@ -7224,6 +7224,7 @@
+
<h3 id=common-dom-interfaces><span class=secno>2.8 </span>Common DOM interfaces</h3>
<h4 id=reflecting-content-attributes-in-idl-attributes><span class=secno>2.8.1 </span>Reflecting content attributes in IDL attributes</h4>
@@ -22152,10 +22153,7 @@
<p>If that is not successful, abort these steps.</p>
- <p>Otherwise, if the <a href=#origin>origin</a> of the resulting
- <a href=#absolute-url>absolute URL</a> is not the <a href=#same-origin>same origin</a> as
- the <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>'s
- <a href=#origin>origin</a>, and the <code><a href=#the-img-element>img</a></code> element has a <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> attribute, then
+ <p>Otherwise, if the <code><a href=#the-img-element>img</a></code> element has a <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> attribute, then
perform a <a href=#cross-origin-request>cross-origin request</a>, with the <i>request
URL</i> set to the resulting <a href=#absolute-url>absolute URL</a>, the
<i>source origin</i> set to the <a href=#origin>origin</a> of the
@@ -22163,14 +22161,20 @@
<i>credentials flag</i> set unless the <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> attribute is in
the <a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a>
state. Discard any data fetched in this way unless the
- <a href=#cross-origin-request-status>cross-origin request status</a> is set to <i>success</i>.
- If the <a href=#cross-origin-request-status>cross-origin request status</a> is set to
- <i>success</i>, then the element's image data's
- <a href=#origin>origin</a> is forced to be the <code><a href=#the-img-element>img</a></code> element's
- <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a>. <a href=#refsCORS>[CORS]</a></p> <!-- http-origin CORS -->
+ <a href=#cross-origin-request-status>cross-origin request status</a> is set to <i>success</i>
+ by the <a href=#cross-origin-request>cross-origin request</a> algorithm. If the
+ <a href=#cross-origin-request-status>cross-origin request status</a> is set to <i>success</i>,
+ then the element's image data's <a href=#origin>origin</a> is <a href=#concept-origin-forced-img title=concept-origin-forced-img>forced</a> to be the
+ <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>'s
+ <a href=#origin>origin</a>. <a href=#refsCORS>[CORS]</a></p> <!--
+ http-origin CORS -->
<p>Otherwise, <a href=#fetch>fetch</a> the resulting <a href=#absolute-url>absolute
- URL</a>.</p> <!-- http-origin privacy sensitive -->
+ URL</a>. If the returned resource has an <code title=http-Access-Control-Allow-Origin>Access-Control-Allow-Origin</code>
+ response header, and its value is the literal "<code title="">*</code>" character, then the element's image data's
+ <a href=#origin>origin</a> is <a href=#concept-origin-forced-img title=concept-origin-forced-img>forced</a> to be the
+ <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>'s
+ <a href=#origin>origin</a>.</p> <!-- http-origin privacy sensitive -->
<p>The resouce obtained in this fashion is the <code><a href=#the-img-element>img</a></code>
element's image data.</p>
@@ -61779,11 +61783,10 @@
<dd>
<dl class=switch><dt>If an image is the image of an <code><a href=#the-img-element>img</a></code> element and
- its image data has a forced origin</dt>
+ its image data has a <a href=#concept-origin-forced-img title=concept-origin-forced-img>forced origin</a></dt>
- <dd>The <a href=#origin>origin</a> is the image data's forced origin.
- (This occurs when the image was successfully obtained using
- CORS.)</dd>
+ <dd>The <a href=#origin>origin</a> is the image data's <dfn id=concept-origin-forced-img title=concept-origin-forced-img>forced origin</dfn>. (This
+ occurs when the image was successfully obtained using CORS.)</dd>
<dt>If an image was served over the network and has an address
Modified: index
===================================================================
--- index 2011-05-18 01:09:32 UTC (rev 6142)
+++ index 2011-05-20 20:12:52 UTC (rev 6143)
@@ -243,7 +243,7 @@
<header class=head id=head><p><a class=logo href=http://www.whatwg.org/ rel=home><img alt=WHATWG height=101 src=/images/logo width=101></a></p>
<hgroup><h1 class=allcaps>HTML</h1>
- <h2 class="no-num no-toc">Living Standard — Last Updated 18 May 2011</h2>
+ <h2 class="no-num no-toc">Living Standard — Last Updated 20 May 2011</h2>
</hgroup><dl><dt><strong>Web developer edition</strong></dt>
<dd><strong><a href=http://developers.whatwg.org/>http://developers.whatwg.org/</a></strong></dd>
<dt>Multiple-page version:</dt>
@@ -7241,6 +7241,7 @@
+
<h3 id=common-dom-interfaces><span class=secno>2.8 </span>Common DOM interfaces</h3>
<h4 id=reflecting-content-attributes-in-idl-attributes><span class=secno>2.8.1 </span>Reflecting content attributes in IDL attributes</h4>
@@ -22169,10 +22170,7 @@
<p>If that is not successful, abort these steps.</p>
- <p>Otherwise, if the <a href=#origin>origin</a> of the resulting
- <a href=#absolute-url>absolute URL</a> is not the <a href=#same-origin>same origin</a> as
- the <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>'s
- <a href=#origin>origin</a>, and the <code><a href=#the-img-element>img</a></code> element has a <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> attribute, then
+ <p>Otherwise, if the <code><a href=#the-img-element>img</a></code> element has a <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> attribute, then
perform a <a href=#cross-origin-request>cross-origin request</a>, with the <i>request
URL</i> set to the resulting <a href=#absolute-url>absolute URL</a>, the
<i>source origin</i> set to the <a href=#origin>origin</a> of the
@@ -22180,14 +22178,20 @@
<i>credentials flag</i> set unless the <code title=attr-img-cross-origin><a href=#attr-img-cross-origin>cross-origin</a></code> attribute is in
the <a href=#attr-cross-origin-anonymous title=attr-cross-origin-anonymous>Anonymous</a>
state. Discard any data fetched in this way unless the
- <a href=#cross-origin-request-status>cross-origin request status</a> is set to <i>success</i>.
- If the <a href=#cross-origin-request-status>cross-origin request status</a> is set to
- <i>success</i>, then the element's image data's
- <a href=#origin>origin</a> is forced to be the <code><a href=#the-img-element>img</a></code> element's
- <code><a href=#document>Document</a></code>'s <a href=#origin>origin</a>. <a href=#refsCORS>[CORS]</a></p> <!-- http-origin CORS -->
+ <a href=#cross-origin-request-status>cross-origin request status</a> is set to <i>success</i>
+ by the <a href=#cross-origin-request>cross-origin request</a> algorithm. If the
+ <a href=#cross-origin-request-status>cross-origin request status</a> is set to <i>success</i>,
+ then the element's image data's <a href=#origin>origin</a> is <a href=#concept-origin-forced-img title=concept-origin-forced-img>forced</a> to be the
+ <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>'s
+ <a href=#origin>origin</a>. <a href=#refsCORS>[CORS]</a></p> <!--
+ http-origin CORS -->
<p>Otherwise, <a href=#fetch>fetch</a> the resulting <a href=#absolute-url>absolute
- URL</a>.</p> <!-- http-origin privacy sensitive -->
+ URL</a>. If the returned resource has an <code title=http-Access-Control-Allow-Origin>Access-Control-Allow-Origin</code>
+ response header, and its value is the literal "<code title="">*</code>" character, then the element's image data's
+ <a href=#origin>origin</a> is <a href=#concept-origin-forced-img title=concept-origin-forced-img>forced</a> to be the
+ <code><a href=#the-img-element>img</a></code> element's <code><a href=#document>Document</a></code>'s
+ <a href=#origin>origin</a>.</p> <!-- http-origin privacy sensitive -->
<p>The resouce obtained in this fashion is the <code><a href=#the-img-element>img</a></code>
element's image data.</p>
@@ -61799,11 +61803,10 @@
<dd>
<dl class=switch><dt>If an image is the image of an <code><a href=#the-img-element>img</a></code> element and
- its image data has a forced origin</dt>
+ its image data has a <a href=#concept-origin-forced-img title=concept-origin-forced-img>forced origin</a></dt>
- <dd>The <a href=#origin>origin</a> is the image data's forced origin.
- (This occurs when the image was successfully obtained using
- CORS.)</dd>
+ <dd>The <a href=#origin>origin</a> is the image data's <dfn id=concept-origin-forced-img title=concept-origin-forced-img>forced origin</dfn>. (This
+ occurs when the image was successfully obtained using CORS.)</dd>
<dt>If an image was served over the network and has an address
Modified: source
===================================================================
--- source 2011-05-18 01:09:32 UTC (rev 6142)
+++ source 2011-05-20 20:12:52 UTC (rev 6143)
@@ -7081,6 +7081,7 @@
+
<h3>Common DOM interfaces</h3>
<h4>Reflecting content attributes in IDL attributes</h4>
@@ -23867,10 +23868,7 @@
<p>If that is not successful, abort these steps.</p>
- <p>Otherwise, if the <span>origin</span> of the resulting
- <span>absolute URL</span> is not the <span>same origin</span> as
- the <code>img</code> element's <code>Document</code>'s
- <span>origin</span>, and the <code>img</code> element has a <code
+ <p>Otherwise, if the <code>img</code> element has a <code
title="attr-img-cross-origin">cross-origin</code> attribute, then
perform a <span>cross-origin request</span>, with the <i>request
URL</i> set to the resulting <span>absolute URL</span>, the
@@ -23880,15 +23878,24 @@
title="attr-img-cross-origin">cross-origin</code> attribute is in
the <span title="attr-cross-origin-anonymous">Anonymous</span>
state. Discard any data fetched in this way unless the
- <span>cross-origin request status</span> is set to <i>success</i>.
- If the <span>cross-origin request status</span> is set to
- <i>success</i>, then the element's image data's
- <span>origin</span> is forced to be the <code>img</code> element's
- <code>Document</code>'s <span>origin</span>. <a
- href="#refsCORS">[CORS]</a></p> <!-- http-origin CORS -->
+ <span>cross-origin request status</span> is set to <i>success</i>
+ by the <span>cross-origin request</span> algorithm. If the
+ <span>cross-origin request status</span> is set to <i>success</i>,
+ then the element's image data's <span>origin</span> is <span
+ title="concept-origin-forced-img">forced</span> to be the
+ <code>img</code> element's <code>Document</code>'s
+ <span>origin</span>. <a href="#refsCORS">[CORS]</a></p> <!--
+ http-origin CORS -->
<p>Otherwise, <span>fetch</span> the resulting <span>absolute
- URL</span>.</p> <!-- http-origin privacy sensitive -->
+ URL</span>. If the returned resource has an <code
+ title="http-Access-Control-Allow-Origin">Access-Control-Allow-Origin</code>
+ response header, and its value is the literal "<code
+ title="">*</code>" character, then the element's image data's
+ <span>origin</span> is <span
+ title="concept-origin-forced-img">forced</span> to be the
+ <code>img</code> element's <code>Document</code>'s
+ <span>origin</span>.</p> <!-- http-origin privacy sensitive -->
<p>The resouce obtained in this fashion is the <code>img</code>
element's image data.</p>
@@ -70386,11 +70393,12 @@
<dl class="switch">
<dt>If an image is the image of an <code>img</code> element and
- its image data has a forced origin</dt>
+ its image data has a <span
+ title="concept-origin-forced-img">forced origin</span></dt>
- <dd>The <span>origin</span> is the image data's forced origin.
- (This occurs when the image was successfully obtained using
- CORS.)</dd>
+ <dd>The <span>origin</span> is the image data's <dfn
+ title="concept-origin-forced-img">forced origin</dfn>. (This
+ occurs when the image was successfully obtained using CORS.)</dd>
<dt>If an image was served over the network and has an address
More information about the Commit-Watchers
mailing list