[whatwg] [CORS] WebKit tainting image instead of throwing error

Boris Zbarsky bzbarsky at MIT.EDU
Tue Oct 4 11:55:28 PDT 2011


On 10/4/11 2:44 PM, Anne van Kesteren wrote:
> On Tue, 04 Oct 2011 20:32:02 +0200, Ian Hickson <ian at hixie.ch> wrote:
>> The idea is that if the server explicitly rejected the CORS request, then
>> the image should not be usable at all.
>
> FWIW, from a CORS-perspective both scenarios are fine. CORS only cares
> about whether data gets shared in the end.

Displaying images involves sharing data, basically.  That's why we're 
having to jump through all these hoops....

-Boris



More information about the whatwg mailing list