[whatwg] Fetch: crossorigin="anonymous" and XMLHttpRequest
Adam Barth
w3c at adambarth.com
Tue Feb 26 16:10:34 PST 2013
Ah, my mistake. Kenneth is right. I didn't realize you were talking
about the crossorigin attributes.
Adam
On Tue, Feb 26, 2013 at 4:02 PM, Kenneth Russell <kbr at google.com> wrote:
> Are you referring to the crossOrigin attribute on HTMLImageElement and
> HTMLMediaElement? Those are implemented in WebKit. It should be fine
> to change crossOrigin="anonymous" requests to satisfy (a) and (b). Any
> server that satisfies these anonymous requests in a way compatible
> with UAs' caching will ignore the incoming origin and the referrer.
>
> -Ken
>
>
> On Tue, Feb 26, 2013 at 2:52 PM, Adam Barth <w3c at adambarth.com> wrote:
>> WebKit hasn't implemented either, so we don't have any implementation
>> constraints in this area.
>>
>> Adam
>>
>>
>> On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <annevk at annevk.nl> wrote:
>>> There's an unfortunate mismatch currently. new
>>> XMLHttpRequest({anon:true}) will generate a request where a) origin is
>>> a globally unique identifier b) referrer source is the URL
>>> about:blank, and c) credentials are omitted. From those
>>> crossorigin="anonymous" only does c. Can we still change
>>> crossorigin="anonymous" to match the anonymous flag semantics of
>>> XMLHttpRequest or is it too late?
>>>
>>>
>>> --
>>> http://annevankesteren.nl/
More information about the whatwg
mailing list