[cakebrewery]

Is using an image different than using JSONP? Seems that both "exploit" resources to get around CORS policy.

[shados]

"simple requests" are exempts of CORS. Images is one way, but any GET request without special headers and with a specific subset of content types will quality and are exempts from CORS. Certain simple POSTs too if my memory's not too bad.

https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS#Simpl...