[Webkit-unassigned] [Bug 107389] New: <script crossorigin> not handled correctly when server doesn't send the right headers
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Sat Jan 19 18:12:54 PST 2013
https://bugs.webkit.org/show_bug.cgi?id=107389
Summary: <script crossorigin> not handled correctly when server
doesn't send the right headers
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: NEW
Severity: Normal
Priority: P2
Component: HTML DOM
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: bzbarsky at mit.edu
Accordiing to https://bugzilla.mozilla.org/show_bug.cgi?id=832587#c0 a <script crossorigin> with a cross-origin URL to a server that's not sending the right access-control-allow-origin headers executes in Chrome. That's not what the spec says to do. In particular, see http://www.whatwg.org/specs/web-apps/current-work/multipage/fetching-resources.html#potentially-cors-enabled-fetch the part about 'If mode is "Anonymous" or "Use Credentials"' under 'If the CORS cross-origin request status is not success'.
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list