Skip to content
Browse files

SI: Add note about `Access-Control-Allow-Credentials`.

  • Loading branch information
mikewest committed Jan 11, 2014
1 parent 4a204c7 commit 7ff8c4720b4241d6c89a1cebb5ab5e2bc5cd4288
Showing with 6 additions and 0 deletions.
  1. +6 −0 specs/subresourceintegrity/spec.markdown
@@ -312,6 +312,12 @@ details these restrictions:
[[!HTTP11]], return `true`.
4. Return `false`.
The "Access-Control-Allow-Credentials" addition in step #2 above exists
because basic fetches would fail a CORS check due to steps 4 and 5 of
the resource sharing check even if they contained a
'Access-Control-Allow-Origin: *' header.
[cachable by a shared cache]:
[CORS resource sharing check]:

0 comments on commit 7ff8c47

Please sign in to comment.
You can’t perform that action at this time.