| Value | Meaning |
|---|---|
| COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY | All cross origin resource access is denied, including normal sub resource access as src of a script or image element. |
| COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_ALLOW | All cross origin resource access is allowed, including accesses that are subject to Cross-Origin Resource Sharing(CORS) check. The behavior is similar to a web site sends back http header Access-Control-Allow-Origin: *. |
| COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND_DENY_CORS | Cross origin resource access is allowed for normal sub resource access like as src of a script or image element, while any access that subjects to CORS check will be denied. See Cross-Origin Resource Sharing for more information. |
Kind of cross origin resource access allowed for host resources during download. Note that other normal access checks like same origin DOM access check and [Content Security Policy](https://developer.mozilla.org/docs/Web/HTTP/CSP) still apply. The following table illustrates the host resource cross origin access according to access context and COREWEBVIEW2_HOST_RESOURCE_ACCESS_KIND.
Cross Origin Access Context | DENY | ALLOW | DENY_CORS
From Script like Fetch or XMLHttpRequest| Deny | Allow | Deny