W3C home > Mailing lists > Public > public-css-archive@w3.org > October 2020

Re: [csswg-drafts] [css-images] image-orientation:none violates same-origin policy (#5165)

From: Phil Cunliffe via GitHub <sysbot+gh@w3.org>
Date: Wed, 14 Oct 2020 23:13:39 +0000
To: public-css-archive@w3.org
Message-ID: <issue_comment.created-708708858-1602717218-sysbot+gh@w3.org>
While I'm glad a decision was made so the uncertainty is gone, I really disagree with the direction.

I agree that from a security standpoint it's unfortunate that cross-origin images are allowed at all but given that they are it's important that they can be used properly. This middle ground approach where some metadata (width and height) is available and others like orientation is not only serves to subtlety break people in difficult to understand ways because the rules are not consistent. Holding the line on orientation alone doesn't isn't win for either paradigm, all it does is make cross-origin images more difficult to use.

-- 
GitHub Notification of comment by philcunliffe
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/5165#issuecomment-708708858 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Wednesday, 14 October 2020 23:13:41 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 5 July 2022 06:42:20 UTC