W3C home > Mailing lists > Public > public-css-archive@w3.org > June 2020

Re: [csswg-drafts] [css-images] image-orientation:none violates same-origin policy (#5165)

From: Noam Rosenthal via GitHub <sysbot+gh@w3.org>
Date: Thu, 04 Jun 2020 16:29:49 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-638966412-1591288188-sysbot+gh@w3.org>
> An alternative to consider is to act as if images generated from opaque responses never have EXIF data. Requiring each feature that can disable EXIF data to take such images into account feels very brittle to me.

I think that that would create a requirement that would make people enable CORS when they didn't otherwise have to - just to have their images display correctly.

I think there's no reason why this requirement should be on the usage of EXIF, instead on the feature that *overrides* (and thus exposes) `EXIF`, such as `image-orientation` and `image-resolution` CSS properties.

Otherwise, it feels like we're trying to prevent a threat of a hypothetical future API. Is that a necessary thing to do?

-- 
GitHub Notification of comment by noamr
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-638966412 using your GitHub account
Received on Thursday, 4 June 2020 16:29:51 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 19 October 2021 01:31:27 UTC