- From: Jonas Sicking <jonas@sicking.cc>
- Date: Fri, 13 Mar 2009 10:59:18 -0700
On Fri, Mar 13, 2009 at 9:24 AM, Hans Schmucker <hansschmucker at gmail.com> wrote: > This problem recently became apparent while trying to process a public > video on tinyvid.tv: > > In article 4.8.11.3 "Security with canvas elements", the origin-clean > flag is only set depending on an element's origin. However there are > many scenarios where an image/video may actually be public and > actively allowing processing on other domains (as indicated by > Access-Control-Allow-Origin). > > Is this an oversight or is there a specific reason why Access Control > for Cross-Site Requests should not work for Canvas? I think it's because the majority of the <canvas> spec was developed before the Access Control spec existed. Or at least before it had the ability to work on images (originally it only worked on XML data). / Jonas
Received on Friday, 13 March 2009 10:59:18 UTC