[whatwg] [CORS] WebKit tainting image instead of throwing error
Anne van Kesteren
annevk at opera.com
Tue Oct 4 11:44:23 PDT 2011
On Tue, 04 Oct 2011 20:32:02 +0200, Ian Hickson <ian at hixie.ch> wrote:
> The idea is that if the server explicitly rejected the CORS request, then
> the image should not be usable at all.
FWIW, from a CORS-perspective both scenarios are fine. CORS only cares
about whether data gets shared in the end. One advantage I can see about
<img crossorigin> still displaying the image is that the request does not
use cookies. Not displaying the image probably makes debugging easier
however.
--
Anne van Kesteren
http://annevankesteren.nl/
More information about the whatwg
mailing list