Cross-Origin Image Defaults
Select a Cross-Origin Resource Sharing (CORS) option for your module images in the Global Settings.
- Unset – CORS is not used at all (Useful if your images are hosted on CDN networks).
- Anonymous – A cross-origin request (i.e., with Origin: HTTP header) is performed. But no credential is sent (i.e., no cookie, no X.509 certificate, and no HTTP Basic authentication are sent). If the server does not give credentials to the origin site (by not setting the Access-Control-Allow-Origin: HTTP header), the image will be tainted and its usage restricted.
- Use Credentials – A cross-origin request (i.e., with Origin: HTTP header) performed with credential is sent (i.e., a cookie, a certificate, and HTTP Basic authentication are performed). If the server does not give credentials to the origin site (through Access-Control-Allow-Credentials: HTTP header), the image will be tainted and its usage restricted.
Cross-Origin Resource Sharing (CORS)