Re: [csswg-drafts] [css-images] image-orientation:none violates same-origin policy (#5165)

I tend to see the point that orientation/resolution are difficult to obfuscate from the embedder, as they are essentially "embedding instructions".

Perhaps the general discussion about "metadata" is wrong. A resource exposes several types of data:
- Instructions to the embedder, like preferred-size/orientation
- its own content, including pixel data and things like GPS data, camera information and XMP tags
- Information about how the content is served (like timing)

Seems to me that when we try to mix the first type with the second type, we get to requirements that are difficult/impossible to implement: The embedder still needs to know the size/orientation because correctly displaying other content depends on it, but we try to hide that information to avoid cross-origin information leakage.

We can go for interesting but complex solutions like making `image-orientation` inert in some cases, but as commented, it creates a web compatibility headache.

From what I hear, as long as image orientation is respected, and `image-orientation` css is used for backwards compatibility, IMO there is no solution but to close this issue and let that leakage be. (intrinsic image resolution is a different story, as it doesn't have significant backwards compatibility implications).

GitHub Notification of comment by noamr
Please view or discuss this issue at using your GitHub account

Sent via github-notify-ml as configured in

Received on Tuesday, 25 August 2020 12:27:13 UTC