On Tue, 12 Jun 2012 20:38:08 +0200, Boris Zbarsky <bzbarsky@...> wrote:
> On 6/12/12 4:47 AM, Simon Pieters wrote:
>> The potentially CORS-enabled fetch algorithm ignores the state of the
>> crossorigin attribute when the URL is same-origin.
> Hmm. On the face of it, this seems like a bug when open redirectors are
> involved... Is this what UAs implement in practice?