1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
|
---
title: 'Atributo CORS: Solicitar acesso CORS para o conteúdo'
slug: Web/HTML/Attributes/crossorigin
tags:
- Avançado
- CORS
- HTML
- Precisa de Exemplo
- Referencia
- Segurança
translation_of: Web/HTML/Attributes/crossorigin
original_slug: Web/HTML/CORS_settings_attributes
---
<p><span class="seoSummary">In HTML5, some HTML elements which provide support for <a href="/en-US/docs/Web/HTTP/CORS">CORS</a>, such as {{ HTMLElement("img") }}, {{ HTMLElement("video") }} or {{ HTMLElement("script") }}, have a <code>crossorigin</code> attribute (<code>crossOrigin</code> property), which lets you configure the CORS requests for the element's fetched data.</span> These attributes are enumerated, and have the following possible values:</p>
<table class="standard-table">
<tbody>
<tr>
<td class="header">Keyword</td>
<td class="header">Description</td>
</tr>
<tr>
<td><code>anonymous</code></td>
<td>CORS requests for this element will have the credentials flag set to 'same-origin'.</td>
</tr>
<tr>
<td><code>use-credentials</code></td>
<td>CORS requests for this element will have the credentials flag set to 'include'.</td>
</tr>
</tbody>
</table>
<p>By default (that is, when the attribute is not specified), CORS is not used at all. The "anonymous" keyword means that there will be no exchange of <strong>user credentials</strong> via cookies, client-side SSL certificates or HTTP authentication as described in the <a class="external" href="http://www.w3.org/TR/cors/#user-credentials">Terminology section of the CORS specification</a>, unless it is in the same origin.</p>
<p>An invalid keyword and an empty string will be handled as the <code>anonymous</code> keyword.</p>
<h3 id="Exemplo_crossorigin_with_the_script_element">Exemplo: crossorigin with the script element</h3>
<p>You can use the following {{HTMLElement("script")}} element to tell a browser to execute the <code>https://example.com/example-framework.js</code> script without sending user-credentials.</p>
<pre class="brush: html"><script src="https://example.com/example-framework.js"
crossorigin="anonymous"></script></pre>
<h2 id="Especificações">Especificações</h2>
<table class="standard-table">
<thead>
<tr>
<th scope="col">Especificação</th>
<th scope="col">Estado</th>
<th scope="col">Comentário</th>
</tr>
</thead>
<tbody>
<tr>
<td>{{SpecName('HTML WHATWG', 'infrastructure.html#cors-settings-attributes', 'CORS settings attributes')}}</td>
<td>{{Spec2('HTML WHATWG')}}</td>
<td> </td>
</tr>
<tr>
<td>{{SpecName('HTML WHATWG', 'embedded-content.html#attr-img-crossorigin', 'crossorigin')}}</td>
<td>{{Spec2('HTML WHATWG')}}</td>
<td> </td>
</tr>
</tbody>
</table>
<h2 id="Compatibilidade_de_navegador">Compatibilidade de navegador</h2>
<h3 id="<script_crossorigin>"><script crossorigin></h3>
<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
<p>{{Compat("html.elements.script.crossorigin")}}</p>
<h3 id="<video_crossorigin>"><video crossorigin></h3>
<p class="hidden">The compatibility table in this page is generated from structured data. If you'd like to contribute to the data, please check out <a href="https://github.com/mdn/browser-compat-data">https://github.com/mdn/browser-compat-data</a> and send us a pull request.</p>
<p>{{Compat("html.elements.video.crossorigin")}}</p>
<h2 id="Consulte_também">Consulte também</h2>
<ul>
<li><a href="/en-US/docs/Web/HTTP/CORS">Cross-Origin Resource Sharing (CORS)</a></li>
</ul>
<div>{{QuickLinksWithSubpages("/en-US/docs/Web/HTML/")}}</div>
|
