Currently, if a resource sharing check fails, cookies will still be set for a credentialed request, similarly to how they would be with <form> or <img>. However, it seems that HTML defines for <img crossorigin> that the UA must act as if there was no response at all. That does not work, of course, for the normal <img> case, where the server could still opt in to sharing, but would work for XMLHttpRequest.

I think I will try to adopt that stricter behavior. Please speak up if you disagree.


--
Anne van Kesteren
http://annevankesteren.nl/
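
A toy model of the two behaviours discussed in the message above, added here as an example; it is not part of the original e-mail and not any browser's code. The function names, the policy labels "current" and "strict", the origin and the sample responses are all constructed assumptions, and cookie parsing is reduced to name=value.

```javascript
// Toy user agent handling a credentialed cross-origin XMLHttpRequest response.
// All names and sample data are hypothetical, constructed for this example.

// Resource sharing check for a credentialed request: the allowed origin must
// match the requesting origin exactly ("*" does not qualify) and the server
// must opt in to credentials with the literal value "true".
function resourceSharingCheck(requestOrigin, headers) {
  const allowOrigin = headers["access-control-allow-origin"];
  const allowCreds = headers["access-control-allow-credentials"];
  return allowOrigin === requestOrigin && allowCreds === "true";
}

// "current": Set-Cookie is processed even if the check fails (like <form>/<img>).
// "strict":  a failed check is handled as if there was no response at all.
function handleResponse(policy, requestOrigin, response, cookieJar) {
  const passed = resourceSharingCheck(requestOrigin, response.headers);
  if (passed || policy === "current") {
    for (const cookie of response.setCookie || []) {
      const eq = cookie.indexOf("=");
      cookieJar.set(cookie.slice(0, eq), cookie.slice(eq + 1));
    }
  }
  // The body is never exposed to script unless the check passed.
  return { readable: passed, body: passed ? response.body : null };
}

// Runs one response through a fresh cookie jar and reports the outcome.
function run(policy, response) {
  const jar = new Map();
  const result = handleResponse(policy, "https://app.example", response, jar);
  return { readable: result.readable, cookies: Object.fromEntries(jar) };
}

// Constructed sample responses.
const credsTrue = { "access-control-allow-credentials": "true" };
const noOptIn = { headers: {}, setCookie: ["sid=abc123"], body: "data" };
const wildcard = {
  headers: { "access-control-allow-origin": "*", ...credsTrue },
  setCookie: ["sid=abc123"], body: "data",
};
const optedIn = {
  headers: { "access-control-allow-origin": "https://app.example", ...credsTrue },
  setCookie: ["sid=abc123"], body: "data",
};

for (const policy of ["current", "strict"]) {
  console.log(policy, run(policy, noOptIn), run(policy, wildcard), run(policy, optedIn));
}
```

In both modes the failed responses are unreadable to script; the difference is only whether the cookie jar changes.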
