Skip to content
Permalink
Browse files

SI: Add note about `Access-Control-Allow-Credentials`.

  • Loading branch information
mikewest committed Jan 11, 2014
1 parent 4a204c7 commit 7ff8c4720b4241d6c89a1cebb5ab5e2bc5cd4288
Showing with 6 additions and 0 deletions.
  1. +6 −0 specs/subresourceintegrity/spec.markdown
@@ -312,6 +312,12 @@ details these restrictions:
[[!HTTP11]], return `true`.
4. Return `false`.
The "Access-Control-Allow-Credentials" addition in step #2 above exists
because basic fetches would fail a CORS check due to steps 4 and 5 of
the resource sharing check even if they contained a
'Access-Control-Allow-Origin: *' header.
{:.note}
[fetch-origin]: http://fetch.spec.whatwg.org/#concept-request-origin
[cachable by a shared cache]: https://svn.tools.ietf.org/svn/wg/httpbis/draft-ietf-httpbis/latest/p6-cache.html#response.cacheability
[CORS resource sharing check]: http://www.w3.org/TR/cors/#resource-sharing-check-0

0 comments on commit 7ff8c47

Please sign in to comment.
You can’t perform that action at this time.