SecurityError message is being shown for almost every action

[inthemedium]

Hello,

Today everyone of our students running into the following error on Chrome in Windows:

SecurityError An attempt was made to break through the security policy of the user agent.

Any idea what is causing this?

[brianharvey]

Yes, this happens sometimes when you load a vector (as opposed to bitmap) picture into a costume. Try converting the costume to bitmap mode before exporting it. (Or try a different browser; they all behave differently.)

[cycomachead]

Would it be possible to add a message that says to use a bitmapped image?

[inthemedium]

We got these messages from importing the PNG files below.

[inthemedium]

Okay, after seeing the same error in Firefox I think I know the problem. We are dragging the images in from an external (e.g. our Moodle). I imagine the image is referenced rather than copied causing some issue with the web browser security model.

Is this expected behavior?

[jmoenig]

Ah, now this makes sense! That's another of those cross-origin-resource-sharing problems which browsers have recently adopted. It used to not be in Chrome until very recently. Dang. This is something we can't get around when using pictures directly from the net, i.e. from other websites, without saving them locally first. It also doesn't make much sense for browsers to behave that way, and - lamently - as happens so often, misguided "security" concerns get in the way of mashing up media. :-(

Let me research whether there is anything we can do about this...

[jmoenig]

I can drag in pictures from some websites without getting any problems, but not from others. Dragging in pictures from the Snap website (http://snap.berkeley.edu) works fine for me, but pictures taken from the Berkeley CS10 page (http://inst.eecs.berkeley.edu/~cs10/fa13/) raise security errors. Can you maybe change the CORS settings on your Moodle server (is it accessible to you at all?).

[cycomachead]

I'm not sure we would be able to. We no longer have a Moodle server and have been hosting the BYOB media folder via google drive.

However, it's also problematic then it a user finds and image google and drags it in.

Could snap perhaps parse the URL and send a more polite warning to suggest uploading from a disk rather than an Internet connection?

Michael Ball From my iPhone http://michaelballphoto.com

On Sep 11, 2013, at 12:00 PM, Jens Mönig notifications@github.com wrote:

I can drag in pictures from some websites without getting any problems, but not from others. Dragging in pictures from the Snap website (http://snap.berkeley.edu) works fine for me, but pictures taken from the Berkeley CS10 page (http://inst.eecs.berkeley.edu/~cs10/fa13/) raise security errors. Can you maybe change the CORS settings on your Moodle server (is it accessible to you at all?).

— Reply to this email directly or view it on GitHub.

[inthemedium]

Just to be clear this isn't the Berkeley Moodle server, it is one hosted by our school.

[jmoenig]

Okay, this is another "tainted canvas" browser problem. I guess we need to come up with a way that prevents importing such images into Snap. Geez, how I hate those "security" concerns!

[jmoenig]

This has been fixed for future projects. Existing ones may still display this behavior until the tainted costumes are deleted. I'm closing this issue now.