[Vega] Allow image loading without CORS policy by changing the default to crossOrigin=null #91991
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
alexwizp
reviewed
Feb 19, 2021
| return originalSanitize(uri, options); | ||
| const result = await originalSanitize(uri, options); | ||
| // This will allow Vega users to load images from any domain. | ||
| result.crossOrigin = null; |
There was a problem hiding this comment.
@wylieconlon I'm not a big fan of this kind of changes. Could you please help me to reproduce that issue locally. I've modified hosts file, set vis_type_vega.enableExternalUrls: true and use the following vega spec with image from external resource.
Vega spec:
{
$schema: https://vega.github.io/schema/vega/v5.json
marks: [
{
"type": "image",
"encode": {
"enter": {
"url": {
"value": "https://cdn.glitch.com/4c9ebeb9-8b9a-4adc-ad0a-238d9ae00bb5%2Fmdn_logo-only_color.svg?1535749917189"
}
}
}
}
]
}
Result:
Image loaded without any warnings/errors in console
There was a problem hiding this comment.
@alexwizp the image that you're found allows all CORS requests, so it is not a good example of the type of image that causes this behavior. Most CDNs automatically allows CORS requests for images, so maybe the best place to find this kind of image is a non-CDN source. Maybe setting up a local HTTP server on a different port would be a better example.
wylieconlon
approved these changes
Feb 19, 2021
|
@elasticmachine merge upstream |
alexwizp
approved these changes
Feb 25, 2021
alexwizp
added
Feature:Vega
|
Pinging @elastic/kibana-app (Team:KibanaApp) |
|
@elasticmachine merge upstream |
💚 Build SucceededMetrics [docs]Async chunks
History
To update your PR or re-run it, just comment with: cc @VladLasitsa |
stratoula
approved these changes
Feb 25, 2021
|
@elasticmachine run elasticsearch-ci/docs |
VladLasitsa
added a commit
to VladLasitsa/kibana
that referenced
this pull request
Feb 26, 2021
…t to crossOrigin=null (elastic#91991) * changing the default to crossOrigin=null in Vega * Fix eslint Co-authored-by: Kibana Machine <[email protected]>
gmmorris
added a commit
to gmmorris/kibana
that referenced
this pull request
Feb 26, 2021
…bana into task-manager/docs-monitoring * 'task-manager/docs-monitoring' of github.com:gmmorris/kibana: (40 commits) [Security Solution][Case][Bug] Improve case logging (elastic#91924) [Alerts][Doc] Added README documentation for alerts plugin status and framework health checks configuration options. (elastic#92761) Add warning for EQL and Threshold rules if exception list contains value list items (elastic#92914) [Security Solution][Case] Fix subcases bugs on detections and case view (elastic#91836) [APM] Always allow access to Profiling via URL (elastic#92889) [Vega] Allow image loading without CORS policy by changing the default to crossOrigin=null (elastic#91991) skip flaky suite (elastic#92114) [APM] Fix for default fields in correlations view (elastic#91868) (elastic#92090) chore(NA): bump bazelisk to v1.7.5 (elastic#92905) [Maps] fix selecting EMS basemap does not populate input (elastic#92711) API docs (elastic#92827) [kbn/test] add import/export support to KbnClient (elastic#92526) Test fix management scripted field filter functional test and unskip it (elastic#92756) [App Search] Create Curation view/functionality (elastic#92560) [Reporting/Discover] include the document's entire set of fields (elastic#92730) [Fleet] Add new index to fleet for artifacts being served out of fleet-server (elastic#92860) [Alerts][Doc] Added README documentation for API key invalidation configuration options. (elastic#92757) [Discover][docs] Add search for relevance (elastic#90611) [Alerts][Docs] Extended README.md and the user docs with the licensing information. (elastic#92564) [7.12][Telemetry] Security telemetry allowlist fix. (elastic#92850) ...
VladLasitsa
added a commit
that referenced
this pull request
Mar 1, 2021
…t to crossOrigin=null (#91991) (#92956) * changing the default to crossOrigin=null in Vega * Fix eslint Co-authored-by: Kibana Machine <[email protected]> Co-authored-by: Kibana Machine <[email protected]>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Closes: #83978
Summary
Add crossOrigin=null to sanitaze method so that allow Vega users to load images from any domain.