jussi-kalliokoski / blog

My personal blog
http://blog.avd.io

Javascript Green Threads #5

Open jussi-kalliokoski opened 12 years ago

mathiasbynens commented 12 years ago

Isn’t using a data URL for the XHR request a CORS problem, as it’s not the same origin?

jussi-kalliokoski commented 12 years ago

Apparently not! ^^ At least in Firefox.

mathiasbynens commented 12 years ago

Doesn’t work in Safari and Chrome. (I believe technically this is correct behavior as per the spec.)

jussi-kalliokoski commented 12 years ago

Hmm, that would be weird if it's the correct behaviour. Why would CORS restrictions affect data URLs? Wouldn't that mean that if you paint a data URL image on a Canvas, getting its imagedata should start throwing a security exception as well?

jussi-kalliokoski commented 12 years ago

Actually, the spec says that data URLs are ok: http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#data:-urls-and-http

mathiasbynens commented 12 years ago

> Why would CORS restrictions affect data URLs?

Because data is a different scheme than, say, http.

> Actually, the spec says that data URLs are ok: http://dvcs.w3.org/hg/xhr/raw-file/tip/Overview.html#data:-urls-and-http

Nowhere in that spec does it say that requests to a data URL from an HTTP page should be considered same-origin. But you’re right, the intention is to allow it — although currently not all browsers implement it that way.

jussi-kalliokoski commented 12 years ago

> Because data is a different scheme than, say, http.

Indeed, but data URLs don't even have a notion of origin (or headers, for that matter) so I don't know how it would even be possible to apply CORS rules to data URLs. To me it looks like WebKit just hasn't thought of the possibility of fetching a data URL with XHR, hence is bugged (just tried and in Opera this works as well).
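
The disagreement above comes down to how a request target is compared with the page's origin. The following is an added example, not part of the thread or of the blog's code: a plain scheme/host/port comparison has nothing to compare for a `data:` URL, so a client has to decide that case explicitly. The function names are hypothetical, and treating `data:` as its own allowed category is an assumption that follows the intention mentioned in the thread.

```javascript
// Added illustration; originTuple and classifyRequest are hypothetical names.
const DEFAULT_PORTS = new Map([["http:", "80"], ["https:", "443"]]);

// Return the (scheme, host, port) tuple for http(s) URLs, or null for URLs
// such as data: that have no host or port (their origin serializes as "null").
function originTuple(urlString) {
  const u = new URL(urlString);
  if (!DEFAULT_PORTS.has(u.protocol)) return null;
  return [u.protocol, u.hostname, u.port || DEFAULT_PORTS.get(u.protocol)];
}

// Classify a request made from pageUrl to targetUrl (which may be relative).
function classifyRequest(pageUrl, targetUrl) {
  const target = new URL(targetUrl, pageUrl);

  // A data: URL embeds its own content: no server is contacted and there are
  // no response headers that could carry a CORS grant, so it is reported
  // separately instead of being pushed through the tuple comparison.
  if (target.protocol === "data:") return "data-url";

  const page = originTuple(pageUrl);
  const dest = originTuple(target.href);
  // Any other scheme without a tuple origin is treated as cross-origin.
  if (page === null || dest === null) return "cross-origin";

  const same = page.every((part, i) => part === dest[i]);
  return same ? "same-origin" : "cross-origin";
}

// Constructed sample inputs.
const page = "http://example.com/post.html";
for (const target of [
  "/worker.js",
  "http://example.com:80/worker.js",
  "https://example.com/worker.js",
  "data:text/javascript,postMessage(1)",
]) {
  console.log(target, "->", classifyRequest(page, target));
}
```
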