[Webkit-unassigned] [Bug 71053] New: Anonymous CORS fetch for WebGL texture fails when there is no appropriate server response even for the same origin requests
bugzilla-daemon at webkit.org
Thu Oct 27 12:29:40 PDT 2011
https://bugs.webkit.org/show_bug.cgi?id=71053
Summary: Anonymous CORS fetch for WebGL texture fails when
there is no appropriate server response even for the
same origin requests
Product: WebKit
Version: 528+ (Nightly build)
Platform: Unspecified
OS/Version: Unspecified
Status: UNCONFIRMED
Severity: Normal
Priority: P2
Component: WebGL
AssignedTo: webkit-unassigned at lists.webkit.org
ReportedBy: postfilter at gmail.com
CC: abarth at webkit.org
Asking for an anonymous CORS fetch for a WebGL texture from a server that doesn't know about CORS throws a security exception even when the script and image share the same origin.
Not sure if this is a bug or a feature; the specs are somewhat ambiguous:
http://www.whatwg.org/specs/web-apps/current-work/multipage/fetching-resources.html#attr-crossorigin-anonymous
(It is clear that a security exception should be thrown when the CORS request does not succeed and the origins differ; what is not clear is what should happen when the origins are the same.)
This behavior changed in the recent Chrome Canary 17.0.919.0. Before, when you asked for anonymous CORS (by setting image.crossOrigin=''), it didn't matter what the server did if the origins of the script and image were the same.
How to reproduce:
Go, for example, here:
http://mrdoob.github.com/three.js/examples/webgl_materials_normalmap2.html
This used to show a textured model. Instead, the Chrome console now shows an exception:
"Cross-origin image load denied by Cross-Origin Resource Sharing policy."
Additional info:
This issue is related to the following Chromium and three.js issues:
http://code.google.com/p/chromium/issues/detail?id=82042
https://github.com/mrdoob/three.js/issues/687
Firefox 7.0.1 and nightly Firefox 10.0a1 (2011-10-27) behave like Chrome used to (stable Chrome 15.0.874.106 still works like this): the CORS fetch mode does not matter when the image and script share the same origin.
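The two behaviours contrasted in the report above, modelled as a small decision function. This is an added example, not code from the bug report, WebKit or Chromium: the function names, policy labels and example.test URLs are constructed for illustration, and response header names are assumed to be lowercased.

```javascript
// Added illustration; all names here are hypothetical, not browser code.

// Serialized origin (scheme://host[:port]) of a URL.
function originOf(url) {
  return new URL(url).origin;
}

// Resource-sharing check for an anonymous (credential-less) CORS request:
// Access-Control-Allow-Origin must be "*" or the exact requesting origin.
function corsCheckPasses(responseHeaders, requestOrigin) {
  const acao = responseHeaders['access-control-allow-origin'];
  return acao === '*' || acao === requestOrigin;
}

// policy 'same-origin-exempt': what the report describes for Chrome 15 / Firefox 7.0.1
// policy 'always-check':       what the report describes for Chrome Canary 17.0.919.0
// crossOrigin: null when the attribute is unset, '' for anonymous.
function textureLoadOutcome({ pageUrl, imageUrl, crossOrigin, responseHeaders, policy }) {
  const pageOrigin = originOf(pageUrl);
  const sameOrigin = originOf(imageUrl) === pageOrigin;

  if (crossOrigin === null) {
    // No CORS requested: the image loads, but only same-origin pixels
    // are origin-clean and therefore usable as a WebGL texture.
    return sameOrigin ? 'usable' : 'loaded-but-not-origin-clean';
  }
  if (sameOrigin && policy === 'same-origin-exempt') {
    return 'usable'; // server response headers are never consulted
  }
  return corsCheckPasses(responseHeaders, pageOrigin) ? 'usable' : 'load-denied';
}

// Constructed sample: same-origin image served without any CORS headers.
const SAME_ORIGIN_NO_CORS = {
  pageUrl: 'https://app.example.test/demo.html',
  imageUrl: 'https://app.example.test/textures/normal.jpg',
  crossOrigin: '',
  responseHeaders: {},
};

// Returns the outcome under both policies for one request description.
function compare(request) {
  return {
    exempt: textureLoadOutcome({ ...request, policy: 'same-origin-exempt' }),
    strict: textureLoadOutcome({ ...request, policy: 'always-check' }),
  };
}

console.log(compare(SAME_ORIGIN_NO_CORS));
```

A server-side workaround that satisfies both policies is to send `Access-Control-Allow-Origin` on image responses; a client-side one is to leave `crossOrigin` unset for same-origin images.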