Re: [csswg-drafts] [css-images] image-orientation:none violates same-origin policy (#5165)

From: Phil Cunliffe via GitHub <sysbot+gh@w3.org>
Date: Thu, 20 Aug 2020 00:08:33 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-676822371-1597882112-sysbot+gh@w3.org>

Our use-case is very similar to the one mentioned in this bit of the conversation:

> <dael> cbiesinger: I'm in favor of model TabAtkins desc. Had one person contact me where he would like it to continue to apply to cross origin b/c they have tool to present image and get user to annotate and then they hand over annotation to another tool. Without being able to tell the tool the orientation they can't tell if they have to process.
> <dael> s/ cbiesinger /heycam
> <dael> heycam: They can work around that
> <dael> TabAtkins: Or preprocess to turn on cors stuff they'll be fine

Many of our users won't turn on CORS because of truly sensitive data like GPS coordinates which can be present in EXIF data. Because of that, preprocessing said images to enable CORS is either impossible or unethical.

For context here's the order of events from our perspective:
1. We had a default behavior changed without any real method for backwards compatibility (`image-orientation` didn't affect `<canvas>` elements)
2. We built a tenuous fix which leverages an image with `image-orientation: none` to maintain backwards compatibility
3. Based on my reading of this thread, the chosen solution is that images without CORS headers will be rotated and not even indicate that they were rotated. Leaving us with no recourse for emulating the default behavior from a few months ago.

I understand that the 1st fix from [#5165 (comment)](https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-654127723) will initially affect more people negatively, but it's also the only option that maintains a path for backwards compatibility with the default behavior which was changed very recently.

GitHub Notification of comment by philcunliffe
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-676822371 using your GitHub account

Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 20 August 2020 00:08:35 UTC