From 754bbf7a25a8dda49b5d08ef0d0443bbf5af0e36 Mon Sep 17 00:00:00 2001 From: Craig Jennings Date: Sun, 7 Apr 2024 13:41:34 -0500 Subject: new repository --- devdocs/html/attributes%2Fcrossorigin.html | 202 +++++++++++++++++++++++++++++ 1 file changed, 202 insertions(+) create mode 100644 devdocs/html/attributes%2Fcrossorigin.html (limited to 'devdocs/html/attributes%2Fcrossorigin.html') diff --git a/devdocs/html/attributes%2Fcrossorigin.html b/devdocs/html/attributes%2Fcrossorigin.html new file mode 100644 index 00000000..effd40dc --- /dev/null +++ b/devdocs/html/attributes%2Fcrossorigin.html @@ -0,0 +1,202 @@ +

HTML attribute: crossorigin

+

The crossorigin attribute, valid on the <audio>, <img>, <link>, <script>, and <video> elements, provides support for CORS, defining how the element handles cross-origin requests, thereby enabling the configuration of the CORS requests for the element's fetched data. Depending on the element, the attribute can be a CORS settings attribute.

The crossorigin content attribute on media elements is a CORS settings attribute.

These attributes are enumerated, and have the following possible values:

anonymous

Request uses CORS headers and credentials flag is set to 'same-origin'. There is no exchange of user credentials via cookies, client-side TLS certificates or HTTP authentication, unless destination is the same origin.

use-credentials

Request uses CORS headers, credentials flag is set to 'include' and user credentials are always included.

""

Setting the attribute name to an empty value, like crossorigin or crossorigin="", is the same as anonymous.

An invalid keyword and an empty string will be handled as the anonymous keyword.

By default (that is, when the attribute is not specified), CORS is not used at all. The user agent will not ask for permission for full access to the resource and in the case of a cross-origin request, certain limitations will be applied based on the type of element concerned:

Element Restrictions
+img, audio, video + When resource is placed in <canvas>, element is marked as tainted.
script Access to error logging via window.onerror will be limited.
link Request with no appropriate crossorigin header may be discarded.

Note: The crossorigin attribute is not supported for rel="icon" in Chromium-based browsers. See the open Chromium issue.

+
+

Example: crossorigin with the <script> element

+
+

You can use the following <script> element to tell a browser to execute the https://example.com/example-framework.js script without sending user-credentials.

+

html

+
<script
+  src="https://example.com/example-framework.js"
+  crossorigin="anonymous"></script>
+
+
+
+

Example: Web manifest with credentials

+
+

The use-credentials value must be used when fetching a manifest that requires credentials, even if the file is from the same origin.

+

html

+
<link rel="manifest" href="/app.webmanifest" crossorigin="use-credentials" />
+
+
+
+

Specifications

+
+ + +
Specification
HTML Standard
# cors-settings-attributes
+

Browser compatibility

+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariWebView AndroidChrome AndroidFirefox for AndroidOpera AndroidSafari on IOSSamsung Internet
crossorigin33≤1874
12–74With crossorigin="use-credentials", cookies aren't sent during seek. See bug 1532722.
+		No20104.4.33379
14–79With crossorigin="use-credentials", cookies aren't sent during seek. See bug 1532722.
+		20102.0
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariWebView AndroidChrome AndroidFirefox for AndroidOpera AndroidSafari on IOSSamsung Internet
crossorigin191414No12
6The crossorigin attribute was implemented in WebKit in WebKit bug 81438.
4.4251412
6The crossorigin attribute was implemented in WebKit in WebKit bug 81438.
1.5
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariWebView AndroidChrome AndroidFirefox for AndroidOpera AndroidSafari on IOSSamsung Internet
crossorigin3417
18Before Firefox 83, crossorigin is not supported for rel="icon".
No21103734
18Before Firefox 83, crossorigin is not supported for rel="icon".
21102.0
+
+ + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + + +
DesktopMobile
ChromeEdgeFirefoxInternet ExplorerOperaSafariWebView AndroidChrome AndroidFirefox for AndroidOpera AndroidSafari on IOSSamsung Internet
crossorigin13128Yes1564.41881461.0
+

html.elements.img.crossorigin

+

BCD tables only load in the browser

+

html.elements.link.crossorigin

+

BCD tables only load in the browser

+

html.elements.script.crossorigin

+

BCD tables only load in the browser

+

html.elements.video.crossorigin

+

BCD tables only load in the browser

+

See also

+
+

+ © 2005–2023 MDN contributors.
Licensed under the Creative Commons Attribution-ShareAlike License v2.5 or later.
+ https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin +

+
-- cgit v1.2.3