So I think this is INVALID as a Firefox bug: - The behavior described in comment 0 -- i.e. the mask-image being unavailable to jsfiddle/codepen -- is due to CORS default-blocking behavior (which shows up in web console per per comment 3). - Safari 12.1 and Edge 18 agree with Firefox on this. (The mask works in the embedded mdn.mozillademos.org-hosted example, and it fails in the jsfiddle-hosted demo.) - Chrome disagrees but this is a known Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=786507 So the issue here is that MDN is offering jsfiddle/codepen links here that do not work. We should address this somehow. We can either: (1) Adjust mdn.mozillademos.org (at least for this particular star.svg URL) to provide a permissive CORS header in the HTTP response ..or: (2) Remove the codepen/jsfiddle links here entirely -- just show the embedded example without the "tinker" buttons (since they inadvertently trigger this cross-origin issue, due to the demo-content referring to a mdn.mozillademos.org-hosted resource). cmills, do you know if we can act on either of these ^^ options? (Also, please categorize this bug appropriately if you know how -- I'm putting it in the developer.mozilla.org::General category for now, but that's probably wrong.)
Bug 1568451 Comment 5 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
So I think this is INVALID as a Firefox bug: - The behavior described in comment 0 -- i.e. the mask-image being unavailable to jsfiddle/codepen -- is due to CORS default-blocking behavior (which shows up in web console per per comment 3). - Safari 12.1 and Edge 18 agree with Firefox on this. (The mask works in the embedded mdn.mozillademos.org-hosted example, and it fails in the jsfiddle-hosted demo.) - Chrome disagrees but this is a known Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=786507 So the issue here is that MDN is offering jsfiddle/codepen links here that do not work. We should address this somehow. We can either: (1) Adjust mdn.mozillademos.org (at least for this particular star.svg URL) to provide a permissive CORS header in the HTTP response ..or: (2) Remove the codepen/jsfiddle links on [this mask-image page](https://developer.mozilla.org/en-US/docs/Web/CSS/mask-image) entirely -- just show the embedded example without the "tinker" buttons (since they inadvertently trigger this cross-origin issue, due to the demo-content referring to a mdn.mozillademos.org-hosted resource). cmills, do you know if we can act on either of these ^^ options? (Also, please categorize this bug appropriately if you know how -- I'm putting it in the developer.mozilla.org::General category for now, but that's probably wrong.)