Open jussi-kalliokoski opened 12 years ago
Apparently not! ^^ At least in Firefox.
Doesn’t work in Safari and Chrome. (I believe technically this is correct behavior as per the spec.)
Hmm, that would be weird if it's the correct behaviour. Why would CORS restrictions affect data URLs? Wouldn't that mean that if you paint a data URL image on a Canvas, getting its imagedata should start throwing a security exception as well?
Actually, the spec says that data URLs are ok: http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#data:-urls-and-http
Why would CORS restrictions affect data URLs?
Because data
is a different scheme than, say, http
.
Actually, the spec says that data URLs are ok: http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#data:-urls-and-http
Nowhere in that spec does it say that requests to a data URL from an HTTP page should be considered same-origin. But you’re right, the intention is to allow it — although currently not all browsers implement it that way.
Because
data
is a different scheme than, say,http
.
Indeed, but data URLs don't even have a notion of origin (or headers , for that matter) so I don't know how it would even be possible to apply CORS rules data URLs. To me it looks like WebKit just hasn't thought of the possibility of fetching a data URL with XHR, hence is bugged (just tried and in Opera this works as well).
Isn’t using a data URL for the XHR request a CORS problem, as it’s not the same origin?