Bug 64813 - HTMLImageElement::crossOrigin is hard to use because of caching
: HTMLImageElement::crossOrigin is hard to use because of caching
Status: RESOLVED FIXED
: WebKit
Page Loading
: 528+ (Nightly build)
: All All
: P2 Normal
Assigned To:
:
:
:
:
  Show dependency treegraph
 
Reported: 2011-07-19 11:05 PST by
Modified: 2011-07-22 17:18 PST (History)


Attachments
Patch (7.42 KB, patch)
2011-07-22 15:32 PST, Kenneth Russell
no flags Review Patch | Details | Formatted Diff | Diff


Note

You need to log in before you can comment on or make changes to this bug.


Description From 2011-07-19 11:05:21 PST
The crossorigin attribute of HTMLImageElement is hard to use correctly because image responses are often cached.  For example, consider the case where the server always response with the following header:

Access-Control-Allow-Origin: *

If we request the image first without the crossorigin attribute, then we'll send credentials and cache the response in the MemoryCache.  Later, if we request the image with the crossorigin attribute, we'll grab the response out of the MemoryCache, but the CORS check will fail because we'll remember that we sent credentials the first time.

This behavior can be frustrating for web developers who don't understand why the second request isn't allowed.  After all, they said their image was allowed by *.

One possible solution to this problem is to examine the allowCredentials flag when deciding whether the resource in the MemoryCache is appropriate for the given request.  The CachedResourceLoader and CachedResource have a bunch of logic for deciding whether an existing CachedResource is valid for a new request or whether we should evict it and request the resource again.  We could try fixing this issue by including logic to compare the allowCredentials flag in this code path.
------- Comment #1 From 2011-07-21 17:59:53 PST -------
Looking into this.
------- Comment #2 From 2011-07-22 15:32:06 PST -------
Created an attachment (id=101779) [details]
Patch
------- Comment #3 From 2011-07-22 15:34:19 PST -------
(From update of attachment 101779 [details])
Look great.  Thanks!
------- Comment #4 From 2011-07-22 17:18:49 PST -------
(From update of attachment 101779 [details])
Clearing flags on attachment: 101779

Committed r91626: <http://trac.webkit.org/changeset/91626>
------- Comment #5 From 2011-07-22 17:18:53 PST -------
All reviewed patches have been landed.  Closing bug.