annevk
commented
9 years ago You probably still want to point out the attribute. It's rather important as the fetcher indicates what type of CORS the server needs to reply with.
Closed annevk closed 9 years ago
annevk
commented
9 years ago You probably still want to point out the attribute. It's rather important as the fetcher indicates what type of CORS the server needs to reply with.
anselmh
commented
9 years ago Thanks for reporting and the additional information, Anne. Is it fine now? :)
annevk
commented
9 years ago Not really. The pairing is crossorigin="" with Access-Control-Allow-Origin: * and crossorigin="use-credentials" with Access-Control-Allow-Origin: [origin] + Access-Control-Allow-Credentials: true. I suspect you almost never need the latter for CSS.
anselmh
commented
9 years ago Now I’m confused. Isn’t that what I had before except I had the crossorigin="use-credentials" paired with *? So is it correct to state this?
Set header to:
'Access-Control-Allow-Origin: *'And on the CSS link:crossorigin=""
annevk
commented
9 years ago I assumed you had a reason to advice "use-credentials".
There's some CORS advice in the README.md that suggests "use-credentials" would work with *, but it won't. If you include credentials the server needs to reply with two headers, one of which includes the origin on question.