Are you referring to the crossOrigin attribute on HTMLImageElement and HTMLMediaElement? Those are implemented in WebKit. It should be fine to change crossOrigin="anonymous" requests to satisfy (a) and (b). Any server that satisfies these anonymous requests in a way compatible with UAs' caching will ignore the incoming origin and the referrer.
-Ken On Tue, Feb 26, 2013 at 2:52 PM, Adam Barth <[email protected]> wrote: > WebKit hasn't implemented either, so we don't have any implementation > constraints in this area. > > Adam > > > On Tue, Feb 26, 2013 at 3:35 AM, Anne van Kesteren <[email protected]> wrote: >> There's an unfortunate mismatch currently. new >> XMLHttpRequest({anon:true}) will generate a request where a) origin is >> a globally unique identifier b) referrer source is the URL >> about:blank, and c) credentials are omitted. From those >> crossorigin="anonymous" only does c. Can we still change >> crossorigin="anonymous" to match the anonymous flag semantics of >> XMLHttpRequest or is it too late? >> >> >> -- >> http://annevankesteren.nl/
