[whatwg] [CORS] WebKit tainting image instead of throwing error

Boris Zbarsky bzbarsky at MIT.EDU
Tue Oct 4 11:55:28 PDT 2011

On 10/4/11 2:44 PM, Anne van Kesteren wrote:
> On Tue, 04 Oct 2011 20:32:02 +0200, Ian Hickson <ian at hixie.ch> wrote:
>> The idea is that if the server explicitly rejected the CORS request, then
>> the image should not be usable at all.
> FWIW, from a CORS-perspective both scenarios are fine. CORS only cares
> about whether data gets shared in the end.

Displaying images involves sharing data, basically.  That's why we're 
having to jump through all these hoops....


More information about the whatwg mailing list