On Tue, 11 Oct 2011 13:20:40 +0900, Anne van Kesteren <[email protected]>
wrote:
If you do <img crossorigin> from A to B, and a resource sharing check
for B fails, cookies must not be set (per my reading of the HTML
specification).
My reading is wrong. Once HTML discards the resource the cookies have
already been set. We could still decide to change this of course, but it
does seem like HTML and XMLHttpRequest are consistent here. (Although some
clarification in wording could be in order given the apparent confusion.)
--
Anne van Kesteren
http://annevankesteren.nl/
