In HTML5, some HTML elements which provide support for CORS, such as {{ HTMLElement("img") }} or {{ HTMLElement("video") }}, have a crossorigin
attribute (crossOrigin
property), which lets you configure the CORS requests for the element's fetched data. These attributes are enumerated, and have the following possible values:
Keyword | Description |
anonymous |
CORS requests for this element will not have the credentials flag set. |
use-credentials |
CORS requests for this element will have the credentials flag set; this means the request will provide credentials. |
By default (that is, when the attribute is not specified), CORS is not used at all. The "anonymous" keyword means that there will be no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication as described in the Terminology section of the CORS specification.
An invalid keyword and an empty string will be handled as the anonymous
keyword.
Browser compatibility
{{ CompatibilityTable() }}
Feature | Chrome | Firefox (Gecko) | Internet Explorer | Opera | Safari (WebKit) |
---|---|---|---|---|---|
Basic support | 13 | {{ CompatGeckoDesktop("8.0") }} | 11 | {{ CompatNo() }} | {{ CompatNo() }}(535.1) |
{{ HTMLElement("video")}} | {{ CompatUnknown() }} | {{ CompatGeckoDesktop("12.0") }} | {{ CompatUnknown() }} | {{ CompatUnknown() }} | {{ CompatUnknown() }} |
Feature | Android | Firefox Mobile (Gecko) | IE Mobile | Opera Mobile | Safari Mobile |
---|---|---|---|---|---|
Basic support | {{ CompatUnknown() }} | {{ CompatGeckoMobile("8.0") }} | {{ CompatUnknown() }} | {{ CompatUnknown() }} | {{ CompatUnknown() }} |
{{ HTMLElement("video")}} | {{ CompatUnknown() }} | {{ CompatGeckoMobile("12.0") }} | {{ CompatUnknown() }} | {{ CompatUnknown() }} | {{ CompatUnknown() }} |
Specifications
See also
{{ languages({"en":"en/HTML/CORS_settings_attributes","ja":"ja/HTML/CORS_settings_attributes"}) }}