[Webkit-unassigned] [Bug 110880] Cross-origin XSLT requests with CORS should be allowed
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Wed Feb 27 09:20:04 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=110880
--- Comment #5 from Raphael Kubo da Costa (rakuco, Intel) <rakuco at webkit.org> 2013-02-27 09:22:28 PST ---
(In reply to comment #3)
> Does the fetch happen with credentials? Typically we prefer that people use CORS in "anonymous" mode so they don't accidentally share cookie-authenticated data. For example, that's the default for the crossorigin attribute on <img>.
Given that there's no equivalent to the crossorigin attribute for <?xml-stylesheet>, I think both Gecko and IE perform the request without credentials, but I can check that.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list