[Webkit-unassigned] [Bug 63090] img.crossOrigin not respected on cached images
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Fri Dec 21 12:33:21 PST 2012
https://bugs.webkit.org/show_bug.cgi?id=63090
--- Comment #9 from Kenneth Russell <kbr at google.com> 2012-12-21 12:35:34 PST ---
(In reply to comment #8)
> Cross-linking to: http://code.google.com/p/chromium/issues/detail?id=158131
>
> I'm not familiar enough with the code to know which project owns the issue, but this is really a show-stopper bug for using cross-domain images.
>
> Eric's attachment is one example- I think I've recreated the same on this jsfiddle:
>
> http://jsfiddle.net/Gup6R/23/ (also includes workarounds for http://code.google.com/p/chromium/issues/detail?id=7731)
Matt: I don't think your jsFiddle is valid. As far as I can tell, the image is not being served up by Amazon's servers with the proper response headers.
curl --head --header "Origin: www.google.com" http://s3-us-west-1.amazonaws.com/jsfiddle/imgres-1.jpeg
does not contain the necessary "Access-Control-Allow-Origin: *" in the response header.
However,
curl --head --header "Origin: www.google.com" https://lh4.googleusercontent.com/_DtxSDesXuhE/TYjQ-wnkF7I/AAAAAAAAAu4/0ZTlsnfajsQ/s800/IMG_1118.JPG
does. (In fact, it returns "Access-Control-Allow-Origin: *" even without the Origin: header, which is required to avoid sending the "Vary: Origin" response header, which will break disk caching of the resource.)
--
Configure bugmail: https://bugs.webkit.org/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
More information about the webkit-unassigned
mailing list