Partager via


CoreWebView2HostResourceAccessKind Enum

Kind of cross origin resource access allowed for host resources during download. Note that other normal access checks like same origin DOM access check and Content Security Policy still apply. The following table illustrates the host resource cross origin access according to access context and CoreWebView2HostResourceAccessKind.

Cross Origin Access Context DENY ALLOW DENY_CORS
From DOM like src of img, script or iframe element Deny Allow Allow
From Script like Fetch or XMLHttpRequest Deny Allow Deny
Name Value Description
Deny 0x0 All cross origin resource access is denied, including normal sub resource access as src of a script or image element.
Allow 0x1 All cross origin resource access is allowed, including accesses that are subject to Cross-Origin Resource Sharing(CORS) check. The behavior is similar to a web site sends back http header Access-Control-Allow-Origin: *.
DenyCors 0x2 Cross origin resource access is allowed for normal sub resource access like as src of a script or image element, while any access that subjects to CORS check will be denied. See Cross-Origin Resource Sharing for more information.

Referenced by