New issue
Advanced search Search tips

Issue 676913 link

Starred by 4 users
Status: Untriaged
Owner: ----
Cc:
mcasas@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: ----
Pri: 3
Type: Bug



Sign in to add a comment

Unexpected 'SecurityError: Source would taint origin.' on BarcodeDetector.detect(VideoElement)

Project Member Reported by paulkin...@google.com, Dec 24 2016 
https://jsbin.com/faciri/latest gets an unexpected error about tainting when trying to detect from a video that has a getUserMedia stream attached.

"5.0 (Linux; Android 7.1.1; Pixel XL Build/NMF26U) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2960.0 Mobile Safari/537.36"

I would expect that the camera stream is not a candidate for tainting, for example if I add the video frame to a canvas and then pass in the ImageDate from the canvas that would not be taineed.


var video = document.getElementById('video');

function detect() {
  if (window.BarcodeDetector == undefined) {
    console.error('Barcode Detection not supported');
    return;
  }
  
  navigator.mediaDevices.getUserMedia({video:true})
    .then(stream => {
    
    video.srcObject = stream;
  })
  .then(() => {
    var detector = new BarcodeDetector();
    detector.detect(video)
    .then(barcodes => {
       console.log(barcodes);
    })
    .catch((e) => {
      console.error("Boo: " + e);
    });
    
  }); 
}

Comment 1 by paulkin...@google.com, Dec 24 2016 

Note, if I use ImageCapture API on the same stream and grab a frame it works perfectly https://jsbin.com/maroki/latest

Comment 2 by paulkin...@google.com, Dec 24 2016

Cc: mcasas@chromium.org
Components: Blink>ImageCapture

Comment 3 by mcasas@chromium.org, Jan 4 2017

Labels: ShapeDetection

Comment 4 by mcasas@chromium.org, Jan 4 2017

Status: Available (was: Untriaged)
Something strange with the URL creation when you do
    video.srcObject = stream;

triggers rejection at [1], digging a bit I found only a 
sub-check that could have possibly caused this issue [2]. 
Regardless, the issue is that <video> is seen as tainting 
<canvas>.



*SOLUTION*: replace the conflicting line with:
    video.src = URL.createObjectURL(stream);

Which works for me in [3]. 


[1] https://cs.chromium.org/chromium/src/third_party/WebKit/Source/modules/shapedetection/ShapeDetector.cpp?q=ShapeDetector.cpp&sq=package:chromium&dr&l=83
[2] https://cs.chromium.org/chromium/src/third_party/WebKit/Source/platform/weborigin/SecurityOrigin.cpp?sq=package:chromium&dr&rcl=1483546794&l=312
[3] http://codepen.io/miguelao/pen/MJYeEM?editors=1010

Comment 5 by mcasas@chromium.org, Mar 8 2017 

Digging a bit further down this rabbit hole, the problem is
that the <video> tag playing back the MediaStream fails the
HTMLMediaElement::isMediaDataCORSSameOrigin(), because when 
we go and check that, the underlying webMediaPlayer() is null,
IOW we check _before_ the <video> tag has finished loading.
Project Member

Comment 6 by sheriffbot@chromium.org, Dec 3

Labels: Hotlist-Recharge-Cold
Status: Untriaged (was: Available)
This issue has been Available for over a year. If it's no longer important or seems unlikely to be fixed, please consider closing it out. If it is important, please re-triage the issue.

Sorry for the inconvenience if the bug really should have been left as Available.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Sign in to add a comment