W3C home > Mailing lists > Public > public-html-bugzilla@w3.org > September 2011

[Bug 14056] Please change Security with canvas elements to respect CORS

From: <bugzilla@jessica.w3.org>
Date: Thu, 08 Sep 2011 10:29:16 +0000
To: public-html-bugzilla@w3.org
Message-Id: <E1R1brA-0003oO-PZ@jessica.w3.org>

--- Comment #2 from Ben Adams <gmthundercat@gmail.com> 2011-09-08 10:29:15 UTC ---
(In reply to comment #1)
> The spec provides a crossorigin attribute for this purpose (specifically to
> trigger CORS for the image load), right?  Last I checked both Chrome and Gecko
> have added support for that.

Ah... I think I picked the wrong bit of the spec - its the Same Origin test
pseudo code that doesn't mention CORS (even though CORS is specified above for

It doesn't seem to work in FireFox


Two origins are said to be the same origin if the following algorithm returns
Let A be the first origin being compared, and B be the second origin being
If A and B are both opaque identifiers, and their value is equal, then return
Otherwise, if either A or B or both are opaque identifiers, return false.
If A and B have scheme components that are not identical, return false.
If A and B have host components that are not identical, return false.
If A and B have port components that are not identical, return false.
If either A or B have additional data, but that data is not identical for both,
return false.

Configure bugmail: http://www.w3.org/Bugs/Public/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the QA contact for the bug.
Received on Thursday, 8 September 2011 10:29:18 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 20:02:03 UTC