In Chrome, image requests are sent without credentials. This is because xml3d.js sets the crossOrigin to "anonymous" if the request is cross-origin or not.
A possible solution:
Remove setting to "anonymous"
Check if texture request is cross origing
If yes, set the CORS attribute to the value defined by an entry in XML3D.options
As soon as a cross-side texture is used, the related canvas is set tainted and operations such as picking will stop working because the browser throws a security exception if pixels are read. Thus a warning should be written to console if someone tries using a cross-side texture. Also, one should check if the security exception is handled in the framework.
In Chrome, image requests are sent without credentials. This is because xml3d.js sets the crossOrigin to "anonymous" if the request is cross-origin or not.
A possible solution:
As soon as a cross-side texture is used, the related canvas is set tainted and operations such as picking will stop working because the browser throws a security exception if pixels are read. Thus a warning should be written to console if someone tries using a cross-side texture. Also, one should check if the security exception is handled in the framework.