W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > October 2011

[Bug 14056] Please change Security with canvas elements to respect CORS

From: <bugzilla@jessica.w3.org>
Date: Fri, 21 Oct 2011 00:17:05 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1RH2nJ-0002T2-Vi@jessica.w3.org>

Ben Adams <gmthundercat@gmail.com> changed:

           What    |Removed                     |Added
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |

--- Comment #7 from Ben Adams <gmthundercat@gmail.com> 2011-10-21 00:17:05 UTC ---
(In reply to comment #6)
> EDITOR'S RESPONSE: This is an Editor's Response to your comment. If you are
> satisfied with this response, please change the state of this bug to CLOSED. If
> you have additional information and would like the editor to reconsider, please
> reopen this bug. If you would like to escalate the issue to the full HTML
> Working Group, please add the TrackerRequest keyword to this bug, and suggest
> title and text for the tracker issue; or you may create a tracker issue
> yourself, if you are able to do so. For more details, see this document:
>    http://dev.w3.org/html5/decision-policy/decision-policy.html
> Status: Accepted
> Change Description: no spec change
> Rationale: This seems to have been fixed already, as noted by bz above. Please
> let me know if there is anything I can do in the spec to make this clearer.

The fix was only for 3d canvas in Firefox. As shown by this link

As all browsers other than Chrome fail when using toDataURL on 2d canvas when
cross-domain images and valid CORS headers are used, I was hoping it could be
made clearer in the spec (since it is _so_ widespread).

Perhaps a caveat in the same-origin section to say be aware to pay attention to
CORS when something fails the same-orgin test before applying security
restrictions. Or in the Security with canvas elements to explicitly state to
pay attention to CORS when setting the orgin-clean flag to false?

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Friday, 21 October 2011 00:17:07 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:02:06 UTC