Allow favicon fetching code to fetch CORS-enabled images without tain… #14809
Conversation
…ing the canvas Fixes brave#14742
|
If canvas.toDataURL can raise an exception, then as a defensive measure, can we also surround it by |
|
@riastradh-brave as far as I can tell, we wouldn't do any further error-handling on the promise anyway. And the thrown error does not block the execution of anything else? We can put a try-catch for cleaner code, but if an error occurs for whatever new reason we don't have a way to respond anyway? |
|
@riastradh-brave as an end user & site developer it's more preferable to enable CORS because a favicon over CDN is pretty common. |
There was a problem hiding this comment.
Fix works great and I think is the appropriate one 😄 I had to check on MDN to make sure I wasn't missing anything
Great job and thanks for the quick turn-around 😄 👍
|
@avoidwork this will be in our next release- which should be happening within 1/1.5 weeks 😄 |
|
yay! thanks! |
Allow favicon fetching code to fetch CORS-enabled images without tain…
Allow favicon fetching code to fetch CORS-enabled images without tain…
|
Yeah, the CORS crossOrigin property is not as well known as it should be. Thanks again @avoidwork for reporting and pushing on this. |
|
I didn't mean using try/catch instead of setting crossOrigin -- rather, in addition to, as a defensive measure in case anything else goes wrong, so that in that case the promise is correctly rejected when it fails. But if there are no other external consequences to failure to reject the promise in this case (I haven't examined what the context is), then maybe it doesn't matter. |
|
If it throws now it's an invalid or misconfigured URI, which is a good signal for site devs. |
|
Got it. Sounds good, then! |
…ing the canvas
Fixes #14742
Submitter Checklist:
git rebase -ito squash commits (if needed).Test Plan:
Reviewer Checklist:
Tests