[whatwg] [CORS] WebKit tainting image instead of throwing error
Ian Hickson
ian at hixie.ch
Tue Oct 4 12:12:35 PDT 2011
On Tue, 4 Oct 2011, Kenneth Russell wrote:
>
> As far as I can tell the tainting behavior WebKit implements is correct,
> and is specified by the text in
> http://www.whatwg.org/specs/web-apps/current-work/multipage/embedded-content-1.html#the-img-element
> . Scroll down to step 6 in the algorithm for "When the user agent is to
> update the image data...". Note that the "default origin behaviour" is
> set to "taint" when fetching images.
If you do a CORS-enabled fetch, you never get that far. If the CORS check
fails, the browser is required to act as if a network error occurred.
http://www.whatwg.org/specs/web-apps/current-work/#potentially-cors-enabled-fetch
--
Ian Hickson U+1047E )\._.,--....,'``. fL
http://ln.hixie.ch/ U+263A /, _.. \ _\ ;`._ ,.
Things that are impossible just take longer. `._.-(,_..'--(,_..'`-.;.'
More information about the whatwg
mailing list