On 10/4/11 2:44 PM, Anne van Kesteren wrote:
On Tue, 04 Oct 2011 20:32:02 +0200, Ian Hickson <i...@hixie.ch> wrote:The idea is that if the server explicitly rejected the CORS request, then the image should not be usable at all.FWIW, from a CORS-perspective both scenarios are fine. CORS only cares about whether data gets shared in the end.
Displaying images involves sharing data, basically. That's why we're having to jump through all these hoops....
-Boris
