Closed Bug 1965469 Opened 11 months ago Closed 11 months ago

Emit warning/error message for CORS blocked mask-image

Categories

(Core :: Networking, defect, P2)

Product:
Core
Component:
Networking
Version:
Firefox 138
Platform:
Desktop
All
Type:
defect

Tracking

()

Status:
RESOLVED FIXED
Milestone:
141 Branch
Tracking Flags:
Tracking Status
firefox141 --- fixed

People

(Reporter: dragoon, Assigned: emilio)

References

(Blocks 1 open bug)

Details

(Whiteboard: [necko-triaged])

Attachments

(2 files)

FirefoxMaskImageOriginExample.zip
260.93 KB, application/zip
Details
Bug 1965469 - Try harder to get a window ID for a request. r=#necko-reviewers
48 bytes, text/x-phabricator-request
Details | Review

User Agent: Mozilla/5.0 (X11; Linux x86_64; rv:138.0) Gecko/20100101 Firefox/138.0

Steps to reproduce:

On a local (file://) page, created a div element with a background image and a CSS mask-image. (Attached the minimal example to showcase this. Running it from file:// and a local server produces different results.)

Actual results:

Because mask-image requires a valid CORS origin, the element showed up completely blank (no background, no masked bits visible). Disabling the mask shows the element's background just fine.

No warnings are produced in dev tools. In the dev tools inspector, when hovering over the mask image URL resource, the mask shows up.

Expected results:

A warning should be produced in the console/network/inspector that a resource was blocked due to mask-image's CORS requirements - as documented here: https://developer.mozilla.org/en-US/docs/Web/CSS/mask-image - so that the developer knows the mask-image requires a web server to work. Currently, it just leaves one confused staring at a blank div.

(As an aside, this requirement makes no sense. Why is background-image allowed to load resources from the local file system, but mask-image is not?)

Component: Untriaged → General
OS: Unspecified → All
Product: Firefox → DevTools
Hardware: Unspecified → Desktop
Type: enhancement → defect
Component: General → CSS Parsing and Computation
Product: DevTools → Core
Summary: mask-image CORS warning → Emit warning/error message for CORS blocked mask-image

The severity field is not set for this bug.
:emilio, could you have a look please?

For more information, please visit BugBot documentation.

Flags: needinfo?(emilio)

(In reply to Dragoon Aethis from comment #0)

(As an aside, this requirement makes no sense. Why is background-image allowed to load resources from the local file system, but mask-image is not?)

https://drafts.fxtf.org/css-masking-1/#priv is why. I agree tho that a warning here would be in order.

Flags: needinfo?(emilio)

Same happens with <img crossorigin=anonymous src="mask.png"> so not CSS. But I think I tracked it down.

Severity: -- → S3
Status: UNCONFIRMED → NEW
Component: CSS Parsing and Computation → Networking
Ever confirmed: true

The warning was being logged to the browser console, rather than the web
console. Use the load info to get the right window ID if available.

Do you know of which test would be good to extend for this?

Assignee: nobody → emilio
Status: NEW → ASSIGNED

(In reply to Emilio Cobos Álvarez (:emilio) from comment #4)

Do you know of which test would be good to extend for this?

There's this console test where we check CORS errors: https://searchfox.org/mozilla-central/source/devtools/client/webconsole/test/browser/browser_webconsole_cors_errors.js

Priority: -- → P2
Whiteboard: [necko-triaged]
Pushed by ealvarez@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/6141d2f271f1 Try harder to get a window ID for a request. r=necko-reviewers,devtools-reviewers,valentin,nchevobbe

https://hg.mozilla.org/mozilla-central/rev/6141d2f271f1

Status: ASSIGNED → RESOLVED
Closed: 11 months ago
status-firefox141: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → 141 Branch
QA Whiteboard: [qa-triage-done-c142/b141]
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: