Closed Bug 837153 Opened 11 years ago Closed 11 years ago

Simple CORS Video WebGL texture fails security check

Categories

(Core :: Graphics: CanvasWebGL, defect)

x86_64
Linux
defect
Not set
normal

Tracking

()

RESOLVED INVALID

People

(Reporter: bjacob, Unassigned)

References

()

Details

(Whiteboard: webgl-conformance)

Here's a simple WebGL CORS video testcase:

  http://people.mozilla.org/~bjacob/video-cors.html

It fails the security check.

That's weird as the webm file is really served with CORS headers. Can't easily check them in Firefox due to bug 837152 but in Chromium I get (see "Access-Control-Allow-Origin: *" in the response):

Request Headers
GET /threejs/three.js/examples/textures/kinect.webm HTTP/1.1
Host: kammerl.de
Connection: keep-alive
Accept-Encoding: identity;q=1, *;q=0
User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Ubuntu/12.04 Chromium/20.0.1132.47 Chrome/20.0.1132.47 Safari/536.11
Accept: */*
Referer: http://people.mozilla.org/~bjacob/video-cors.html
Accept-Language: en-GB,en-US;q=0.8,en;q=0.6
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3
Range: bytes=0-

Response Headers
HTTP/1.1 206 Partial Content
Date: Fri, 01 Feb 2013 17:14:59 GMT
Server: Apache/2.2.14 (Ubuntu)
Last-Modified: Mon, 07 Jan 2013 03:28:53 GMT
ETag: "8d83a6-3d6878-4d2aa6db3d0fa"
Accept-Ranges: bytes
Content-Length: 4024440
Access-Control-Allow-Origin: *
Content-Range: bytes 0-4024439/4024440
Keep-Alive: timeout=15, max=100
Connection: Keep-Alive
Content-Type: video/webm


What might (not sure) be weird looking at these headers though is that the request header doesn't have an Origin header.
Summary: Simple CORS Video WebGL texture fails to pass security check → Simple CORS Video WebGL texture fails security check
Note: Chrome gives a security exception too, but that might just be because it doesn't support WebGL cross-origin video textures yet (??)
change

video.crossOrigin = '';

to

video.crossorigin = '';
That works!!!

I thought I had tried that! Thanks, and sorry.

Note: the testcase still gives a NS_ERROR_FAILURE the first time as the first call to nsLayoutUtils::SurfaceFromElement returns no surface. I suppose that means that image data is not yet available; weird as we do that in the canplay handler, but whatever.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
...and indeed, our unit tests have .crossorigin all lowercase.
Emailed public_webgl about the remaining NS_ERROR_FAILURE. As a work-around for now you could put a try{...} around that texImage2D call.
According to the HTML spec, the IDL attribute for the 'crossorigin' content attribute should be called 'crossOrigin'.

http://dev.w3.org/html5/spec-preview/media-elements.html#attr-media-crossorigin
You need to log in before you can comment on or make changes to this bug.