On Mon, Aug 21, 2023 at 1:24 AM Fredrik Söderquist <f...@opera.com> wrote:

> On Mon, Aug 21, 2023 at 4:36 AM Yoav Weiss <yoavwe...@chromium.org> wrote:
>
>> Thanks for working on this!! Eliminating resources which can't be loaded
>> as CORS enabled resources is super useful!
>>
>> On Fri, Aug 18, 2023 at 11:28 PM Dale Curtis <dalecur...@chromium.org>
>> wrote:
>>
>>> Contact emailsdalecur...@chromium.org
>>>
>>> ExplainerNone
>>>
>>> Specificationhttps://www.w3.org/TR/SVG
>>>
>>> Summary
>>>
>>> Implements the crossOrigin attribute for SVG images: The crossOrigin
>>> attribute, valid on the <image> and <feImage> elements, provides support
>>> for configuration of the Cross-Origin Resource Sharing (CORS) requests for
>>> the element's fetched data. The supported values are the same as elsewhere:
>>> "anonymous", "use-credentials", and "" (which means anonymous).
>>> https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/crossorigin
>>> https://www.w3.org/TR/SVG/embedded.html#ImageElementCrossoriginAttribute
>>>
>>
> This should probably rather point to
> https://www.w3.org/TR/SVG/embedded.html#__svg__SVGImageElement__crossOrigin
> since - for <image> this only affects/adds the IDL attribute while the
> content attribute has been supported for a long time (archeology needed).
> For <feImage> it would be both though.
>

Done on the chromestatus side.


>
>
>>
>>>
>>> Blink componentBlink>SVG
>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESVG>
>>>
>>> Search tagssvg <https://chromestatus.com/features#tags:svg>, crossorigin
>>> <https://chromestatus.com/features#tags:crossorigin>, image
>>> <https://chromestatus.com/features#tags:image>
>>>
>>> TAG reviewNone
>>>
>>> TAG review statusNot applicable
>>>
>>> Risks
>>>
>>>
>>> Interoperability and Compatibility
>>>
>>> None
>>>
>>
>> I believe content that already has a crossorigin attribute, but where the
>> servers didn't send ACAO would now be blocked.
>>
>
> Should only affect <feImage>, not <image>.
>
>
>> Can we add a usecounter for that case, and monitor it as part of the
>> rollout?
>>
>>
>>>
>>> *Gecko*: Shipped/Shipping (
>>> https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/crossorigin#browser_compatibility
>>> )
>>>
>>
>> According to MDN, that's a fairly recent change. Do you know if it ran
>> into any compat issues?
>>
>>
>>>
>>> *WebKit*: No signal (
>>> https://github.com/WebKit/standards-positions/issues/241)
>>>
>>> *Web developers*: Positive
>>>
>>> *Other signals*:
>>>
>>> Security
>>>
>>> The default value of the crossOrigin attribute is "anonymous", both
>>> Safari and Chrome currently treat the missing attribute as "no cors". Due
>>> to the default value change, content that was previously inaccessible
>>> and/or tainted will become accessible without site/developer involvement if
>>> the server was already supplying the correct Access-Control-Allow-Origin
>>> header.
>>>
>>>
>>> WebView application risks
>>>
>>> Does this intent deprecate or change behavior of existing APIs, such
>>> that it has potentially high risk for Android WebView-based applications?
>>>
>>> None
>>>
>>>
>>> Debuggability
>>>
>>> None
>>>
>>>
>>> Will this feature be supported on all six Blink platforms (Windows, Mac,
>>> Linux, Chrome OS, Android, and Android WebView)?Yes
>>>
>>> Is this feature fully tested by web-platform-tests
>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>> ?Yes
>>>
>>
>> Link to wpt.fyi that shows Firefox passing the tests currently?
>>
>>
>>>
>>>
>>> Flag name on chrome://flagsNone
>>>
>>> Finch feature nameSvgCrossOriginAttribute
>>>
>>> Non-finch justification
>>>
>>> Minor attribute addition.
>>>
>>>
>>> Requires code in //chrome?False
>>>
>>> Tracking bughttps://bugs.chromium.org/p/chromium/issues/detail?id=842321
>>>
>>> Launch bughttps://bugs.chromium.org/p/chromium/issues/detail?id=842321
>>>
>>> Estimated milestones
>>> Shipping on desktop 118
>>> Shipping on Android 118
>>>
>>> Anticipated spec changes
>>>
>>> Open questions about a feature may be a source of future web compat or
>>> interop issues. Please list open issues (e.g. links to known github issues
>>> in the project for the feature specification) whose resolution may
>>> introduce web compat/interop risk (e.g., changing to naming or structure of
>>> the API in a non-backward-compatible way).
>>> None
>>>
>>> Link to entry on the Chrome Platform Status
>>> https://chromestatus.com/feature/5109030850134016
>>>
>>> --
>>> You received this message because you are subscribed to the Google
>>> Groups "blink-dev" group.
>>> To unsubscribe from this group and stop receiving emails from it, send
>>> an email to blink-dev+unsubscr...@chromium.org.
>>> To view this discussion on the web visit
>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrwdovYUciES4qqjJ3PckFOvc_6yzBVn_b4uKyuA9xwbv6Q%40mail.gmail.com
>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrwdovYUciES4qqjJ3PckFOvc_6yzBVn_b4uKyuA9xwbv6Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>> .
>>>
>>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to blink-dev+unsubscr...@chromium.org.
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrwcpPHp%3D22%2BtMU%2BG4xKi7yFeMJw0Ou8SSubig%2B6ORYo_jA%40mail.gmail.com.

Reply via email to