[whatwg] Fetch: cross-origin redirect to a data URL

Anne van Kesteren annevk at annevk.nl
Sun Feb 24 10:32:56 PST 2013

Say <img> does a cross-origin request. The response to that request is
a redirect with the appropriate CORS headers set. The new location is
a data URL. Should that URL be tainted or not? I tend to think we
should make that work.

(By the way, if you're interested. I'm working on a new specification
that merges HTML fetch and CORS, named Fetch.
http://wiki.whatwg.org/wiki/Fetch has the rough outline so far,
including an algorithm at the bottom. The idea is that everything in
the platform that does network requests ties into that (in particular
the fetch function which dispatches as appropriate).)


More information about the whatwg mailing list