Closed
Bug 837153
Opened 11 years ago
Closed 11 years ago
Simple CORS Video WebGL texture fails security check
Categories
(Core :: Graphics: CanvasWebGL, defect)
Tracking
()
RESOLVED
INVALID
People
(Reporter: bjacob, Unassigned)
References
()
Details
(Whiteboard: webgl-conformance)
Here's a simple WebGL CORS video testcase: http://people.mozilla.org/~bjacob/video-cors.html It fails the security check. That's weird as the webm file is really served with CORS headers. Can't easily check them in Firefox due to bug 837152 but in Chromium I get (see "Access-Control-Allow-Origin: *" in the response): Request Headers GET /threejs/three.js/examples/textures/kinect.webm HTTP/1.1 Host: kammerl.de Connection: keep-alive Accept-Encoding: identity;q=1, *;q=0 User-Agent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/536.11 (KHTML, like Gecko) Ubuntu/12.04 Chromium/20.0.1132.47 Chrome/20.0.1132.47 Safari/536.11 Accept: */* Referer: http://people.mozilla.org/~bjacob/video-cors.html Accept-Language: en-GB,en-US;q=0.8,en;q=0.6 Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.3 Range: bytes=0- Response Headers HTTP/1.1 206 Partial Content Date: Fri, 01 Feb 2013 17:14:59 GMT Server: Apache/2.2.14 (Ubuntu) Last-Modified: Mon, 07 Jan 2013 03:28:53 GMT ETag: "8d83a6-3d6878-4d2aa6db3d0fa" Accept-Ranges: bytes Content-Length: 4024440 Access-Control-Allow-Origin: * Content-Range: bytes 0-4024439/4024440 Keep-Alive: timeout=15, max=100 Connection: Keep-Alive Content-Type: video/webm What might (not sure) be weird looking at these headers though is that the request header doesn't have an Origin header.
Reporter | ||
Updated•11 years ago
|
Summary: Simple CORS Video WebGL texture fails to pass security check → Simple CORS Video WebGL texture fails security check
Reporter | ||
Comment 1•11 years ago
|
||
Note: Chrome gives a security exception too, but that might just be because it doesn't support WebGL cross-origin video textures yet (??)
change video.crossOrigin = ''; to video.crossorigin = '';
Reporter | ||
Comment 3•11 years ago
|
||
That works!!! I thought I had tried that! Thanks, and sorry. Note: the testcase still gives a NS_ERROR_FAILURE the first time as the first call to nsLayoutUtils::SurfaceFromElement returns no surface. I suppose that means that image data is not yet available; weird as we do that in the canplay handler, but whatever.
Status: NEW → RESOLVED
Closed: 11 years ago
Resolution: --- → INVALID
Reporter | ||
Comment 4•11 years ago
|
||
...and indeed, our unit tests have .crossorigin all lowercase.
Reporter | ||
Comment 5•11 years ago
|
||
Emailed public_webgl about the remaining NS_ERROR_FAILURE. As a work-around for now you could put a try{...} around that texImage2D call.
According to the HTML spec, the IDL attribute for the 'crossorigin' content attribute should be called 'crossOrigin'. http://dev.w3.org/html5/spec-preview/media-elements.html#attr-media-crossorigin
You need to log in
before you can comment on or make changes to this bug.
Description
•