[whatwg] [CORS] WebKit tainting image instead of throwing error
Boris Zbarsky
bzbarsky at MIT.EDU
Tue Oct 4 11:55:28 PDT 2011
On 10/4/11 2:44 PM, Anne van Kesteren wrote:
> On Tue, 04 Oct 2011 20:32:02 +0200, Ian Hickson <ian at hixie.ch> wrote:
>> The idea is that if the server explicitly rejected the CORS request, then
>> the image should not be usable at all.
>
> FWIW, from a CORS-perspective both scenarios are fine. CORS only cares
> about whether data gets shared in the end.
Displaying images involves sharing data, basically. That's why we're
having to jump through all these hoops....
-Boris
More information about the whatwg
mailing list