[whatwg] CORS requests for image and video elements

Glenn Maynard glenn at zewt.org
Tue May 17 14:52:07 PDT 2011


On Tue, May 17, 2011 at 5:40 PM, Jonas Sicking <jonas at sicking.cc> wrote:

> If the "supports credentials" flag is set to false, the request will
> be made without cookies, and the server may respond with either
> "Access-Control-Allow-Origin:*" or "Access-Control-Allow-Origin:
> <origin>".
>
> I propose that the latter mode is used as it will make servers easier
> to configure as they can just add a static header to all their
> responses.
>

This could be specified, eg. <img cors> without credentials and <img
cors="credentials"> with.  I don't know if there are use cases to justify
it.

-- 
Glenn Maynard



More information about the whatwg mailing list