by jefftk
1028 days ago
Huh? If I have a resource I serve without Access-Control-Allow-Origin headers, all three browser engines won't make it available in cross-origin contexts. [1]

For example, here are a pair of pages which make a cross-origin fetch for a resource that either does (yes-cors) or does not (no-cors) opt into cross-origin resource sharing. In all three browsers yes-cors displays the contents of the resource, and no-cors (correctly) displays "error".

https://www.kingfisherband.com/test/yes-cors
https://www.kingfisherband.com/test/no-cors

[1] With the exception of some standardized legacy cross-origin contexts like images, but then they all protect the contents in the same way.
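
Added example, not part of the comment above or of the linked test pages: a reduced version of the Fetch Standard's CORS check, showing why a response without Access-Control-Allow-Origin ends up as "error" on a cross-origin page. The origins, response bodies, the `*` header value and the function names are assumptions constructed for the illustration.

```javascript
// Reduced form of the Fetch Standard "CORS check": decides whether script
// on a page may read a cross-origin response. Sample values are constructed.

// headers: plain object of response headers, matched case-insensitively.
function getHeader(headers, name) {
  const key = Object.keys(headers).find((k) => k.toLowerCase() === name);
  return key === undefined ? null : String(headers[key]).trim();
}

// Returns true when script running on requestOrigin may read the response.
function corsCheck(requestOrigin, credentialsMode, headers) {
  const allowed = getHeader(headers, "access-control-allow-origin");
  if (allowed === null) return false; // resource never opted in
  if (credentialsMode !== "include" && allowed === "*") return true;
  if (allowed !== requestOrigin) return false; // exact string match only
  if (credentialsMode !== "include") return true;
  // Credentialed requests also need an explicit credentials opt-in.
  return getHeader(headers, "access-control-allow-credentials") === "true";
}

// What a test page like the ones described would show: the body or "error".
// fetch() defaults to credentials mode "same-origin".
function displayed(pageOrigin, response, credentialsMode = "same-origin") {
  const sameOrigin = response.origin === pageOrigin;
  if (sameOrigin || corsCheck(pageOrigin, credentialsMode, response.headers)) {
    return response.body;
  }
  return "error";
}

// Constructed responses from a hypothetical second origin.
const PAGE = "https://page.example";
const yesCors = {
  origin: "https://api.example",
  body: "hello",
  headers: { "Access-Control-Allow-Origin": "*" },
};
const noCors = { origin: "https://api.example", body: "hello", headers: {} };

console.log("yes-cors:", displayed(PAGE, yesCors));
console.log("no-cors:", displayed(PAGE, noCors));
```

The check runs in the browser after the response arrives, so the server still receives and answers the no-cors request; only the page's script is denied the contents.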