Issue metadata
Sign in to add a comment
|
Tainted canvases may not be exported.
Reported by
activep...@gmail.com,
Mar 11 2018
|
||||||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/65.0.3325.146 Safari/537.36 Steps to reproduce the problem: 1. Upgrade to Chrome 65, chrome 64 Works OK, Firefox OK 2. Try to geta data from a Canvas with canvas.toDataURL() 3. this give an error: DOMException: Failed to execute 'toDataURL' on 'HTMLCanvasElement': Tainted canvases may not be exported. The images are declare in html, in 64 works fine I have one computer that don´t update and I can get de data from canvas, in two computer that have update to 65 the error happens. The problem happens in 65 with http and https. What is the expected behavior? Before Chome 65 the cancas data was acessed OK. What went wrong? The servers sends "Access-Control-Allow-Origin: *" to all files and images, all images are with crossorigin="Anonymous" and are mjpeg stream. The images are not blocked by CORS because if I remove the Access control from the server in chrome console logs the CORS violation, and notthing is loged in console. Did this work before? Yes 64 Does this work in other browsers? Yes Chrome version: 65.0.3325.146 Channel: stable OS Version: 10.0 Flash Version:
,
Mar 12 2018
,
Mar 12 2018
Reporter@ Thanks for the issue. Request you to provide a sample Canvas URL where this issue can be reproduced, which will help in further triaging. Thanks..
,
Mar 12 2018
I will Attach the complete HTML, and some screenshots. I can´t send an example url. because is a video surveillance internal page, and don´t have any internet acess, it´s only internal. If you call ImgParaDado(); in the console you will se the error. If I find some on-line mjpeg stream that have Access-Control-Allow-Origin: * I can put an on-line example.
,
Mar 12 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 12 2018
I have made another test and with an static jpeg image all works. So only with an Mjpeg stream the error happens. In chrome 64 that works OK and in firefox work ok with Mjpeg stream.
,
Mar 13 2018
Reporter@ Thanks for the feedback.
Tested this issue on Windows 10 on the reported version 65.0.3325.146 and the latest Canary 67.0.3368.1 as per comment #4.
1. Launched chrome and loaded the attached camera.html page.
2. Executed ImgParaDado(); in devtools -> Console and can see the error "DOMException: Failed to execute 'drawImage' on 'CanvasRenderingContext2D': The HTMLImageElement provided is in the 'broken' state. at ImgParaDado (file:///C:/Users/vk00481292/Downloads/camera.html:13:41) at <anonymous>:1:1"
3. On executing the same command in Firefox, can see the error "Exception { name: "NS_ERROR_NOT_AVAILABLE", message: "", result: 2147746065, filename: "file:///C:/Users/vk00481292/Downloads/camera.html", lineNumber: 13, columnNumber: 0, data: null, stack: "ImgParaDado@file:///C:/Users/vk00481292/Downloads/camera.html:13:33\n@debugger eval code:1:1\n" }"
Attached are the screen shots for reference.
Request you to please check and update if anything is missed from our end in triaging the issue.
Also please help us with the exact expected behavior which will help in further triaging of the issue.
Thanks..
,
Mar 13 2018
First you can´t run the html form local filesystem. This have to be on o server. Second you need a mjpeg stream with the Access-Control-Allow-Origin: * The HTML don´t work alone as you tested.
,
Mar 13 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 13 2018
To be more clear the link on image in html is http://10.0.0.231/cgi-camera/zms?mode=jpeg&monitor=25&scale=50 this is a internal IP address, so you need to replace with a valid mjpeg stream with the access control police to this work.
,
Mar 14 2018
Reporter@ Thanks for the feedback. Re-tried this issue on the reported version 65.0.3325.146 on Windows 10 by following the below steps. 1. Launched Chrome and run the html page through local server. 2, On executing ImgParaDado(); in devtools -> Console, can observe the same error as mentioned in comment #7. Attached is the screen shot for reference. Request you to please help us in understanding how to proceed with this - 'you need to replace with a valid mjpeg stream with the access control police to this work.'? or can you provide a mjpeg file to test this issue further. A screen cast of the steps followed will help us in further triaging of the issue. Thanks...
,
Mar 14 2018
There is on-lines cameras with mjpeg stream: http://webcam.st-malo.com/axis-cgi/mjpg/video.cgi?resolution=352x288 http://iris.not.iac.es/axis-cgi/mjpg/video.cgi?resolution=320x240 But these streams don´t set Access-Control-Allow-Origin: * So you need to use a proxie or a local redirect to set Access-Control-Allow-Origin: * in the headers so you can test the problem. I think it´s better to switch to firefox where things works. For me it´s just see what change in canvas or mjpeg stream from 64 to 65 and see what´s whente wrong, but it´s apear that the tester don´t know what´s an internal IP, what´s an mjpeg stream, What´s the access control police, etc. So Thank's I will switch to firefox.
,
Mar 14 2018
Thank you for providing more feedback. Adding the requester to the cc list. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 14 2018
Sounds like it could have something to do with multipart+CORS (transferring the ACAO header from the initial response to all parts?)
,
Mar 15 2018
+hiroshige@ who is familiar to image resource loading, and recent image taints fix. can you help this bug triage?
,
Mar 19 2018
Adding 'TE-NeedsTriageHelp' label and requesting Dev team to please check and help in further triaging of this issue. Thanks..
,
Mar 19 2018
|
|||||||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||||||
Comment 1 by gov...@chromium.org
, Mar 12 2018Labels: Needs-Triage-M65