Re: [svgwg] Remove support for data: URL in SVGUseElement (#901) from Sebastian Zartner via GitHub on 2023-01-08 (public-svg-issues@w3.org from January 2023)

From: Sebastian Zartner via GitHub <sysbot+gh@w3.org>
Date: Sun, 08 Jan 2023 12:15:27 +0000
To: public-svg-issues@w3.org
Message-ID: <issue_comment.created-1374822074-1673180125-sysbot+gh@w3.org>

Just to provide a use case for cross-origin requests: I recently had the need to re-use an external SVG multiple times within a document and style them individually.

This only works via <use>. Though all images on that site are normally coming from a CDN. And because cross-origin requests are currently not allowed, I had to deliver them via the same domain instead.

If SVG obeyed to CORS, this wouldn't be an issue.

And there could also be some CORS header that controls whether data: URLs are allowed in SVG. So, restricting them by default, yes, but authors would still have a way to opt-in to support them.

Sebastian

-- 
GitHub Notification of comment by SebastianZ
Please view or discuss this issue at https://github.com/w3c/svgwg/pull/901#issuecomment-1374822074 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Sunday, 8 January 2023 12:15:28 UTC