- From: Dominic Farolino <notifications@github.com>
- Date: Thu, 22 Nov 2018 18:07:38 -0800
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <whatwg/fetch/issues/737/441143592@github.com>
Was looking at https://html.spec.whatwg.org/multipage/canvas.html#drawing-images:the-image-argument-is-not-origin-clean which sets a CanvasRenderingContext2D's _origin-clean_ flag to false if _image_ is not origin-clean; it seems like the only criteria considered when determining whether or not an image is [not origin-clean](https://html.spec.whatwg.org/multipage/canvas.html#the-image-argument-is-not-origin-clean) is the image's origin with respect to that of the entry settings object. I think that the origin of an image that undergoes A->B->A redirects will be same-origin with that of the entry settings object, even though the response is [CORS-cross-origin](https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-cross-origin). It seems if we want the behavior that @youennf's test proposes, we'd have to make the definition of [is not origin-clean](https://html.spec.whatwg.org/multipage/canvas.html#the-image-argument-is-not-origin-clean) also consider whether _image_'s origin is CORS-cross-origin right, similarly to what we do [_muted errors_](https://html.spec.whatwg.org/multipage/webappapis.html#fetching-scripts:cors-cross-origin-2)? (As opposed to what we thought before, where HTML would have to be updated after #834 to allow reading this data from a canvas if desirable) -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/issues/737#issuecomment-441143592
Received on Friday, 23 November 2018 02:08:01 UTC