W3C home > Mailing lists > Public > whatwg@whatwg.org > March 2009

[whatwg] Canvas origin-clean should not ignore Access Control for Cross-Site Requests

From: Hans Schmucker <hansschmucker@gmail.com>
Date: Fri, 13 Mar 2009 17:24:23 +0100
Message-ID: <f7458d480903130924j6e0bbc3au86762bd4ddd679ff@mail.gmail.com>
This problem recently became apparent while trying to process a public
video on tinyvid.tv:

In article "Security with canvas elements", the origin-clean
flag is only set depending on an element's origin. However there are
many scenarios where an image/video may actually be public and
actively allowing processing on other domains (as indicated by

Is this an oversight or is there a specific reason why Access Control
for Cross-Site Requests should not work for Canvas?
Received on Friday, 13 March 2009 09:24:23 UTC

This archive was generated by hypermail 2.3.1 : Monday, 13 April 2015 23:08:47 UTC