lets CORS work with
> > the existing browser request logic for images and other subresources,
> where
> > cookies are currently sent with the request.
> > Charlie
> >
> >>
> >> On 7 July 2010 16:11, Charlie Reis wrote:
> >> >
> >
y data on it,
though.
The benefit to allowing * with credentials is that it lets CORS work with
the existing browser request logic for images and other subresources, where
cookies are currently sent with the request.
Charlie
> On 7 July 2010 16:11, Charlie Reis wrote:
> >
> >
>
On Wed, Jul 7, 2010 at 4:04 PM, Mark S. Miller wrote:
> On Wed, Jul 7, 2010 at 1:09 PM, Charlie Reis wrote:
> [...]
>
>> That's unfortunate-- at least for now, that prevents servers from echoing
>> the origin in the Access-Control-Allow-Origin header, so servers cann
On Wed, Jul 7, 2010 at 1:28 AM, Anne van Kesteren wrote:
> On Fri, 02 Jul 2010 23:05:41 +0200, Charlie Reis
> wrote:
>
>> Hi all--
>> I'm trying to understand one of the example use cases in the CORS
>> specification and how the various rules about credent
allow
credentials? I've seen it documented in several places, but I'm not sure
why that's the case. In cases like images or perhaps web fonts, it seems
impractical to prevent credentials from being sent (unlike XmlHttpRequests).
On a similar note, are the image's GET requests required to carry Origin
HTTP headers?
Thanks in advance,
Charlie Reis
