COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY

Kind of cross origin resource access allowed for host resources during download. Note that other normal access checks like same origin DOM access check and [Content Security Policy](https://developer.mozilla.org/docs/Web/HTTP/CSP) still apply. The following table illustrates the host resource cross origin access according to access context and COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND.

Cross Origin Access Context | DENY | ALLOW | DENY_CORS

From Script like Fetch or XMLHttpRequest| Deny | Allow | Deny

Values

ValueMeaning
COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY

All cross origin resource access is denied, including normal sub resource access as src of a script or image element.

COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_ALLOW

All cross origin resource access is allowed, including accesses that are subject to Cross-Origin Resource Sharing(CORS) check. The behavior is similar to a web site sends back http header Access-Control-Allow-Origin: *.

COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY_CORS

Cross origin resource access is allowed for normal sub resource access like as src of a script or image element, while any access that subjects to CORS check will be denied. See Cross-Origin Resource Sharing for more information.

Meta