Open daguej opened 1 year ago
Thanks for the detailed report @daguej!
Since I don't think it's possible to detect this before making the request, we would need an option that overrides existing isCrossOriginUrl
behavior. I think it would make sense to add an option to the Resource
constructor, isCrossOrigin
, which keeps track of an internal _isCrossOrigin
property. The getter would then return this value if specified, otherwise default to isCrossOriginUrl
. The intended behavior would then work fetchImage
for both the static and prototype implementations.
Would you have any bandwidth for contributing a fix in a Pull Request? 😃
Consider a
Resource
fetched from the local origin:If the server issues a HTTP redirection to some other origin, the image is loaded from the redirected destination, but the image becomes tainted. If the image is used, this results in Cesium crashing:
Normally,
Resource
auto-detects whether the providedurl
is cross-origin, and sets an internal flag that results in<img crossorigin>
getting set. Since theurl
appears same-origin, this won't happen, and the image is loaded tainted.The
Resource
API provides no way to force CORS loading of a resource. As a workaround, it is possible to hack it by overriding the object's getter:…but this is not ideal.
The
fetchImage
API should include an option that allows you to specify that the request will be cross-origin despite a URL that starts off same-origin. eg