cross-origin mask-image is not accessible when referenced from cross-origin stylesheet (where both responses have the CORS `Access-Control-Allow-Origin` header to allow main site's origin)
Categories
(Core :: Layout, defect)
Tracking
()
People
(Reporter: dholbert, Assigned: dholbert)
References
(Regression)
Details
(Keywords: regression, webcompat:platform-bug)
Attachments
(2 files)
Spinning this off as the underlying platform bug behind bug 1969852.
STR:
- Download and extract the attached .zip file.
- Open 3 separate terminal windows, each inside of the directory that you just extracted from the .zip file.
- Run the following 3 commands in those 3 terminals, to spawn 3 distinct web servers (for origins (A), (B), and (C) from bug 1969852 comment 7):
python3 -m http.server 8000
python3 ./serve-stylesheet.py
python3 ./serve-image.py
- In a browser, visit http://localhost:8000/test.html
EXPECTED RESULTS:
Below the informative "View me..." line, you should see a lime-green circle with "Text clipped to a circle" repeated inside of it (and clipped)
ACTUAL RESULTS:
Nothing at all below the "View me..." line.
NOTES:
- The custom python scripts
serve-stylesheet.pyandserve-image.pyeach allow their contents to be used bylocalhost:8000, via the CORSAccess-Control-Allow-Originheader. - However, Firefox seems to be cluing into the fact that technically the thing referencing the image here is the stylesheet which comes from
localhost:8001, notlocalhost:8000. And so we're blocking the usage of the image. - I'm not sure offhand if that's correct or not (you could make a case either way), but it does differ from Chrome and Safari.
|
Assignee | |
Comment 1•1 year ago
|
||
(note: I based the testcase's python code (in serve-stylesheet.py and serve-image.py) on a Access-Control-Allow-Origin example that I found on stack overflow. The resulting web server doesn't seem to be super robust against repeated loads; it sometimes stops responding to requests after a few loads, which is probably because it's intentionally a toy example. If that happens, just kill it with Ctrl+C and restart it.)
|
|
Assignee | |
Comment 2•1 year ago
|
||
|
|
Assignee | |
Updated•1 year ago
|
|
|
Assignee | |
Comment 3•1 year ago
|
||
mozregression says this is a regression from bug bug 1496505. Before that change, we match Chrome and Safari on the testcase here.
|
||
Comment 4•1 year ago
|
||
Set release status flags based on info from the regressing bug 1496505
:bradwerth, since you are the author of the regressor, bug 1496505, could you take a look?
For more information, please visit BugBot documentation.
|
|
Assignee | |
Comment 5•1 year ago
|
||
This is a pretty ancient regression; I'm looking into this, and I don't think we need to bother bradwerth with it (though his opinions are welcome).
(We also might end up fixing this as part of fixing other related bugs; not sure.)
|
||
Updated•1 year ago
|
|
||
Updated•11 months ago
|
|
|
||
Updated•11 months ago
|
|
|
Assignee | |
Comment 6•9 months ago
|
||
I'll be fixing this via bug 1970490, whose patch I just queued for landing.
Assuming that patch sticks, we can consider this fixed-by-that-bug. ni=me to remember to make that update when the patch has stuck.
|
|
Assignee | |
Comment 7•9 months ago
|
||
Closing as FIXED by bug 1970490.
|
||
Updated•9 months ago
|
|
||
Updated•9 months ago
|
Description
•