new repository

1 files changed, 202 insertions, 0 deletions

diff --git a/devdocs/html/attributes%2Fcrossorigin.html b/devdocs/html/attributes%2Fcrossorigin.html
new file mode 100644
index 00000000..effd40dc
--- /dev/null
+++ b/devdocs/html/attributes%2Fcrossorigin.html
@@ -0,0 +1,202 @@
+<header><h1>HTML attribute: crossorigin</h1></header><div class="section-content">
+<p>The <code>crossorigin</code> attribute, valid on the <a href="../element/audio"><code>&lt;audio&gt;</code></a>, <a href="../element/img"><code>&lt;img&gt;</code></a>, <a href="../element/link"><code>&lt;link&gt;</code></a>, <a href="../element/script"><code>&lt;script&gt;</code></a>, and <a href="../element/video"><code>&lt;video&gt;</code></a> elements, provides support for <a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">CORS</a>, defining how the element handles cross-origin requests, thereby enabling the configuration of the CORS requests for the element's fetched data. Depending on the element, the attribute can be a CORS settings attribute.</p> <p>The <code>crossorigin</code> content attribute on media elements is a CORS settings attribute.</p> <p>These attributes are <a href="https://developer.mozilla.org/en-US/docs/Glossary/Enumerated">enumerated</a>, and have the following possible values:</p> <dl> <dt id="anonymous"><a href="#anonymous"><code>anonymous</code></a></dt> <dd> <p>Request uses CORS headers and credentials flag is set to <code>'same-origin'</code>. There is no exchange of <strong>user credentials</strong> via cookies, client-side TLS certificates or HTTP authentication, unless destination is the same origin.</p> </dd> <dt id="use-credentials"><a href="#use-credentials"><code>use-credentials</code></a></dt> <dd> <p>Request uses CORS headers, credentials flag is set to <code>'include'</code> and <strong>user credentials</strong> are always included.</p> </dd> <dt id="sect1"><a href="#sect1"><code>""</code></a></dt> <dd> <p>Setting the attribute name to an empty value, like <code>crossorigin</code> or <code>crossorigin=""</code>, is the same as <code>anonymous</code>.</p> </dd> </dl> <p>An invalid keyword and an empty string will be handled as the <code>anonymous</code> keyword.</p> <p>By default (that is, when the attribute is not specified), CORS is not used at all. The user agent will not ask for permission for full access to the resource and in the case of a cross-origin request, certain limitations will be applied based on the type of element concerned:</p> <figure class="table-container"><div class="_table"><table class="no-markdown"> <tbody> <tr> <th class="header">Element</th> <th class="header">Restrictions</th> </tr> <tr> <td>
+<code>img</code>, <code>audio</code>, <code>video</code>
+</td> <td>When resource is placed in <a href="../element/canvas"><code>&lt;canvas&gt;</code></a>, element is marked as <a href="../cors_enabled_image#security_and_tainted_canvases"><em>tainted</em></a>.</td> </tr> <tr> <td><code>script</code></td> <td>Access to error logging via <a href="https://developer.mozilla.org/en-US/docs/Web/API/Window/error_event"><code>window.onerror</code></a> will be limited.</td> </tr> <tr> <td><code>link</code></td> <td>Request with no appropriate <code>crossorigin</code> header may be discarded.</td> </tr> </tbody> </table></div></figure> <div class="notecard note" id="sect2"> <p><strong>Note:</strong> The <code>crossorigin</code> attribute is not supported for <a href="rel#icon"><code>rel="icon"</code></a> in Chromium-based browsers. See the <a href="https://crbug.com/1121645" target="_blank">open Chromium issue</a>.</p> </div>
+</div>
+<h3 id="example_crossorigin_with_the_script_element">Example: <code>crossorigin</code> with the <code>&lt;script&gt;</code> element</h3>
+<div class="section-content">
+<p>You can use the following <a href="../element/script"><code>&lt;script&gt;</code></a> element to tell a browser to execute the <code>https://example.com/example-framework.js</code> script without sending user-credentials.</p> <div class="code-example">
+<p class="example-header"><span class="language-name">html</span></p>
+<pre data-signature="gmqRYTcssVuwG1FefnItqBu/UE7w3Jg+n1G/xD9L18g=" data-language="html"><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>script</span>
+  <span class="token attr-name">src</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>https://example.com/example-framework.js<span class="token punctuation">"</span></span>
+  <span class="token attr-name">crossorigin</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>anonymous<span class="token punctuation">"</span></span><span class="token punctuation">&gt;</span></span><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;/</span>script</span><span class="token punctuation">&gt;</span></span>
+</pre>
+</div>
+</div>
+<h3 id="example_web_manifest_with_credentials">Example: Web manifest with credentials</h3>
+<div class="section-content">
+<p>The <code>use-credentials</code> value must be used when fetching a <a href="https://developer.mozilla.org/en-US/docs/Web/Manifest">manifest</a> that requires credentials, even if the file is from the same origin.</p> <div class="code-example">
+<p class="example-header"><span class="language-name">html</span></p>
+<pre data-signature="qUcPtbg+8FhpveA2KUhgWKnN9kHckcDS7x8ZhcAtFJA=" data-language="html"><span class="token tag"><span class="token tag"><span class="token punctuation">&lt;</span>link</span> <span class="token attr-name">rel</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>manifest<span class="token punctuation">"</span></span> <span class="token attr-name">href</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>/app.webmanifest<span class="token punctuation">"</span></span> <span class="token attr-name">crossorigin</span><span class="token attr-value"><span class="token punctuation attr-equals">=</span><span class="token punctuation">"</span>use-credentials<span class="token punctuation">"</span></span> <span class="token punctuation">/&gt;</span></span>
+</pre>
+</div>
+</div>
+<h2 id="specifications">Specifications</h2>
+<div class="_table"><table class="standard-table">
+<thead><tr><th scope="col">Specification</th></tr></thead>
+<tbody><tr><td><a href="https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attributes">HTML Standard <br><small># cors-settings-attributes</small></a></td></tr></tbody>
+</table></div>
+<h2 id="browser_compatibility">Browser compatibility</h2>
+<div class="_table"><table>
+<thead>
+<tr id="bct-browser-type">
+<th></th>
+<th colspan="6">Desktop</th>
+<th colspan="6">Mobile</th>
+</tr>
+<tr id="bct-browsers">
+<th></th>
+<th>Chrome</th>
+<th>Edge</th>
+<th>Firefox</th>
+<th>Internet Explorer</th>
+<th>Opera</th>
+<th>Safari</th>
+<th>WebView Android</th>
+<th>Chrome Android</th>
+<th>Firefox for Android</th>
+<th>Opera Android</th>
+<th>Safari on IOS</th>
+<th>Samsung Internet</th>
+</tr>
+</thead>
+<tbody><tr>
+<th><code>crossorigin</code></th>
+<td class="bc-supports-yes">33</td>
+<td class="bc-supports-yes">≤18</td>
+<td class="bc-supports-yes">74<details><summary>12–74</summary>With <code>crossorigin="use-credentials"</code>, cookies aren't sent during seek. See <a href="https://bugzil.la/1532722">bug 1532722</a>.</details>
+</td>
+<td class="bc-supports-no">No</td>
+<td class="bc-supports-yes">20</td>
+<td class="bc-supports-yes">10</td>
+<td class="bc-supports-yes">4.4.3</td>
+<td class="bc-supports-yes">33</td>
+<td class="bc-supports-yes">79<details><summary>14–79</summary>With <code>crossorigin="use-credentials"</code>, cookies aren't sent during seek. See <a href="https://bugzil.la/1532722">bug 1532722</a>.</details>
+</td>
+<td class="bc-supports-yes">20</td>
+<td class="bc-supports-yes">10</td>
+<td class="bc-supports-yes">2.0</td>
+</tr></tbody>
+</table></div>
+<div class="_table"><table>
+<thead>
+<tr id="bct-browser-type">
+<th></th>
+<th colspan="6">Desktop</th>
+<th colspan="6">Mobile</th>
+</tr>
+<tr id="bct-browsers">
+<th></th>
+<th>Chrome</th>
+<th>Edge</th>
+<th>Firefox</th>
+<th>Internet Explorer</th>
+<th>Opera</th>
+<th>Safari</th>
+<th>WebView Android</th>
+<th>Chrome Android</th>
+<th>Firefox for Android</th>
+<th>Opera Android</th>
+<th>Safari on IOS</th>
+<th>Samsung Internet</th>
+</tr>
+</thead>
+<tbody><tr>
+<th><code>crossorigin</code></th>
+<td class="bc-supports-yes">19</td>
+<td class="bc-supports-yes">14</td>
+<td class="bc-supports-yes">14</td>
+<td class="bc-supports-no">No</td>
+<td class="bc-supports-yes">12</td>
+<td class="bc-supports-yes"><details><summary>6</summary>The <code>crossorigin</code> attribute was implemented in WebKit in WebKit <a href="https://webkit.org/b/81438">bug 81438</a>.</details></td>
+<td class="bc-supports-yes">4.4</td>
+<td class="bc-supports-yes">25</td>
+<td class="bc-supports-yes">14</td>
+<td class="bc-supports-yes">12</td>
+<td class="bc-supports-yes"><details><summary>6</summary>The <code>crossorigin</code> attribute was implemented in WebKit in WebKit <a href="https://webkit.org/b/81438">bug 81438</a>.</details></td>
+<td class="bc-supports-yes">1.5</td>
+</tr></tbody>
+</table></div>
+<div class="_table"><table>
+<thead>
+<tr id="bct-browser-type">
+<th></th>
+<th colspan="6">Desktop</th>
+<th colspan="6">Mobile</th>
+</tr>
+<tr id="bct-browsers">
+<th></th>
+<th>Chrome</th>
+<th>Edge</th>
+<th>Firefox</th>
+<th>Internet Explorer</th>
+<th>Opera</th>
+<th>Safari</th>
+<th>WebView Android</th>
+<th>Chrome Android</th>
+<th>Firefox for Android</th>
+<th>Opera Android</th>
+<th>Safari on IOS</th>
+<th>Samsung Internet</th>
+</tr>
+</thead>
+<tbody><tr>
+<th><code>crossorigin</code></th>
+<td class="bc-supports-yes">34</td>
+<td class="bc-supports-yes">17</td>
+<td class="bc-supports-yes"><details><summary>18</summary>Before Firefox 83, <code>crossorigin</code> is not supported for <code>rel="icon"</code>.</details></td>
+<td class="bc-supports-no">No</td>
+<td class="bc-supports-yes">21</td>
+<td class="bc-supports-yes">10</td>
+<td class="bc-supports-yes">37</td>
+<td class="bc-supports-yes">34</td>
+<td class="bc-supports-yes"><details><summary>18</summary>Before Firefox 83, <code>crossorigin</code> is not supported for <code>rel="icon"</code>.</details></td>
+<td class="bc-supports-yes">21</td>
+<td class="bc-supports-yes">10</td>
+<td class="bc-supports-yes">2.0</td>
+</tr></tbody>
+</table></div>
+<div class="_table"><table>
+<thead>
+<tr id="bct-browser-type">
+<th></th>
+<th colspan="6">Desktop</th>
+<th colspan="6">Mobile</th>
+</tr>
+<tr id="bct-browsers">
+<th></th>
+<th>Chrome</th>
+<th>Edge</th>
+<th>Firefox</th>
+<th>Internet Explorer</th>
+<th>Opera</th>
+<th>Safari</th>
+<th>WebView Android</th>
+<th>Chrome Android</th>
+<th>Firefox for Android</th>
+<th>Opera Android</th>
+<th>Safari on IOS</th>
+<th>Samsung Internet</th>
+</tr>
+</thead>
+<tbody><tr>
+<th><code>crossorigin</code></th>
+<td class="bc-supports-yes">13</td>
+<td class="bc-supports-yes">12</td>
+<td class="bc-supports-yes">8</td>
+<td class="bc-supports-yes">Yes</td>
+<td class="bc-supports-yes">15</td>
+<td class="bc-supports-yes">6</td>
+<td class="bc-supports-yes">4.4</td>
+<td class="bc-supports-yes">18</td>
+<td class="bc-supports-yes">8</td>
+<td class="bc-supports-yes">14</td>
+<td class="bc-supports-yes">6</td>
+<td class="bc-supports-yes">1.0</td>
+</tr></tbody>
+</table></div>
+<h3 id="html.elements.img.crossorigin">html.elements.img.crossorigin</h3>
+<p>BCD tables only load in the browser<noscript> with JavaScript enabled. Enable JavaScript to view data.</noscript></p>
+<h3 id="html.elements.link.crossorigin">html.elements.link.crossorigin</h3>
+<p>BCD tables only load in the browser<noscript> with JavaScript enabled. Enable JavaScript to view data.</noscript></p>
+<h3 id="html.elements.script.crossorigin">html.elements.script.crossorigin</h3>
+<p>BCD tables only load in the browser<noscript> with JavaScript enabled. Enable JavaScript to view data.</noscript></p>
+<h3 id="html.elements.video.crossorigin">html.elements.video.crossorigin</h3>
+<p>BCD tables only load in the browser<noscript> with JavaScript enabled. Enable JavaScript to view data.</noscript></p>
+<h2 id="see_also">See also</h2>
+<div class="section-content"><ul> <li><a href="https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS">Cross-Origin Resource Sharing (CORS)</a></li> <li><a href="rel">HTML attribute: <code>rel</code></a></li> </ul></div><div class="_attribution">
+  <p class="_attribution-p">
+    &copy; 2005&ndash;2023 MDN contributors.<br>Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.<br>
+    <a href="https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin" class="_attribution-link">https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin</a>
+  </p>
+</div>