On 10/4/11 2:32 PM, Odin Hørthe Omdal wrote:
WebKit, on the other hand, only taints the image and loads it anyway, breaking the spec.
File a bug on them please? The idea of CORS is that CORS-using requests stop making the harmful distinction between ability to embed and ability to read. That's why CORS had to be opt-in for images. If WebKit is not implenenting this properly, they just need to fix their code...
And in particular an <img crossorigin> that's in the DOM and fails the CORS checks should not render the image on the page. Anything else is just broken.
-Boris
