I'm trying to motivate the reason why the Same-Origin Policy allows a cross-site request for an image to set a cookie.
This is my understanding: say I build a website, A.com.
- Motivation for sending a cross-site request: images take up space, so I use images by embedding them from other (cross-site) sites (e.g. imgur.com).
- Motivation for sending the image request with a cookie: I know some private images should be retrieved only by logged-in users. So that's a possible reason why a cross-site request should be sent with a cookie.
However, is there a reason why a cross-site website should embed such a private image? Can someone give an example?