I am reading and taking notes on the HTML specifications for 100 days as part of #The100DayProject. Read the initial intent/backstory. I am a Microsoft employee but all opinions, comments, etc on this site are my own. I do not speak on behalf of my employer, and thus no comments should be taken as representative of Microsoft’s official opinion of the spec. Subsections not listed below were read without comment.
Currently reading in 2.6 Fetching Resources.
2.6.5 Extracting character encodings from meta elements
No comments on this algorithm.
2.6.6 CORS settings attributes
CORS stands for “Cross-origin resource sharing”, and it allows secure resources (font files, for example) to be requested from one domain to another. That’s pretty much the only experience I have with it: setting—very carefully—the CORS configuration for font files in .htaccess.
2.6.7 CORS-enabled fetch
Pretty much one big algorithm in this section. Notable: the CORS mode can be “NO CORS”, and still a resource might be treated differently. Some resources have a default behavior “taint”; these resources will be fetched, but considered cross-domain requests; the UA can choose to surface this as a cross-site access error in the console. Other resources have a default behavior of “fail”, which will be completely blocked (and may also be reported as an error in the console).