Thanks! Yes it has a base::Feature toggle; one is automatically included:

https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/platform/runtime_enabled_features.json5;l=120;drc=86659902320c9a6ff1083688c928109df3d84f25
https://source.chromium.org/chromium/chromium/src/+/main:third_party/blink/renderer/platform/runtime_enabled_features.json5;l=3594;drc=86659902320c9a6ff1083688c928109df3d84f25

- dale

On Wed, Aug 30, 2023 at 8:24 AM Chris Harrelson <chris...@chromium.org>
wrote:

> LGTM3
>
> On Wed, Aug 30, 2023 at 8:23 AM Daniel Bratell <bratel...@gmail.com>
> wrote:
>
>> LGTM2
>>
>> /Daniel
>> On 2023-08-30 16:24, Yoav Weiss wrote:
>>
>> LGTM1 to ship, with a base flag to ensure we can rollback if needed.
>>
>> On Mon, Aug 28, 2023 at 6:16 PM Dale Curtis <dalecur...@chromium.org>
>> wrote:
>>
>>> On Mon, Aug 21, 2023 at 9:41 AM Dale Curtis <dalecur...@chromium.org>
>>> wrote:
>>>
>>>> On Sun, Aug 20, 2023 at 7:36 PM Yoav Weiss <yoavwe...@chromium.org>
>>>> wrote:
>>>>
>>>>> Thanks for working on this!! Eliminating resources which can't be
>>>>> loaded as CORS enabled resources is super useful!
>>>>>
>>>>> On Fri, Aug 18, 2023 at 11:28 PM Dale Curtis <dalecur...@chromium.org>
>>>>> wrote:
>>>>>
>>>>>> Contact emails dalecur...@chromium.org
>>>>>>
>>>>>> Explainer None
>>>>>>
>>>>>> Specification https://www.w3.org/TR/SVG
>>>>>>
>>>>>> Summary
>>>>>>
>>>>>> Implements the crossOrigin attribute for SVG images: The crossOrigin
>>>>>> attribute, valid on the <image> and <feImage> elements, provides support
>>>>>> for configuration of the Cross-Origin Resource Sharing (CORS) requests
>>>>>> for the element's fetched data. The supported values are the same as
>>>>>> elsewhere: "anonymous", "use-credentials", and "" (which means anonymous).
>>>>>> https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/crossorigin
>>>>>> https://www.w3.org/TR/SVG/embedded.html#ImageElementCrossoriginAttribute
>>>>>>
>>>>>>
>>>>>> Blink component Blink>SVG
>>>>>> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ESVG>
>>>>>>
>>>>>> Search tags svg <https://chromestatus.com/features#tags:svg>,
>>>>>> crossorigin <https://chromestatus.com/features#tags:crossorigin>,
>>>>>> image <https://chromestatus.com/features#tags:image>
>>>>>>
>>>>>> TAG review None
>>>>>>
>>>>>> TAG review status Not applicable
>>>>>>
>>>>>> Risks
>>>>>>
>>>>>>
>>>>>> Interoperability and Compatibility
>>>>>>
>>>>>> None
>>>>>>
>>>>>
>>>>> I believe content that already has a crossorigin attribute, but where
>>>>> the servers didn't send ACAO would now be blocked.
>>>>> Can we add a usecounter for that case, and monitor it as part of the
>>>>> rollout?
>>>>>
>>>>
>>>>>
>>>>>>
>>>>>> *Gecko*: Shipped/Shipping (
>>>>>> https://developer.mozilla.org/en-US/docs/Web/SVG/Attribute/crossorigin#browser_compatibility
>>>>>> )
>>>>>>
>>>>>
>>>>> According to MDN, that's a fairly recent change. Do you know if it ran
>>>>> into any compat issues?
>>>>>
>>>>
>>>> I don't. Nothing is called out on the implementation issue:
>>>> https://bugzilla.mozilla.org/show_bug.cgi?id=1240357
>>>>
>>>> +longs...@gmail.com who authored the Firefox change in case they want
>>>> to weigh in.
>>>>
>>>
>>> Robert indicated privately that Firefox hasn't seen any issues with roll
>>> out thus far.
>>>
>>>
>>>>
>>>>
>>>>>
>>>>>
>>>>>>
>>>>>> *WebKit*: No signal (
>>>>>> https://github.com/WebKit/standards-positions/issues/241)
>>>>>>
>>>>>
>>> WebKit indicates they're likely to mark this as supported shortly:
>>> https://github.com/WebKit/standards-positions/issues/241#issuecomment-1693613454
>>>
>>>
>>>>
>>>>>> *Web developers*: Positive
>>>>>>
>>>>>> *Other signals*:
>>>>>>
>>>>>> Security
>>>>>>
>>>>>> The default value of the crossOrigin attribute is "anonymous", both
>>>>>> Safari and Chrome currently treat the missing attribute as "no cors". Due
>>>>>> to the default value change, content that was previously inaccessible
>>>>>> and/or tainted will become accessible without site/developer involvement
>>>>>> if the server was already supplying the correct Access-Control-Allow-Origin
>>>>>> header.
>>>>>>
>>>>>
>>>> fs pointed out that this is confusingly worded. I've rephrased it as:
>>>> "Content that was previously inaccessible and/or tainted will become
>>>> accessible without site/developer involvement if the client side element
>>>> has a crossOrigin attribute and the server was already supplying the
>>>> correct Access-Control-Allow-Origin header."
>>>>
>>>>
>>>>>
>>>>>>
>>>>>> WebView application risks
>>>>>>
>>>>>> Does this intent deprecate or change behavior of existing APIs, such
>>>>>> that it has potentially high risk for Android WebView-based applications?
>>>>>>
>>>>>> None
>>>>>>
>>>>>>
>>>>>> Debuggability
>>>>>>
>>>>>> None
>>>>>>
>>>>>>
>>>>>> Will this feature be supported on all six Blink platforms (Windows,
>>>>>> Mac, Linux, Chrome OS, Android, and Android WebView)? Yes
>>>>>>
>>>>>> Is this feature fully tested by web-platform-tests
>>>>>> <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>
>>>>>> ? Yes
>>>>>>
>>>>>
>>>>> Link to wpt.fyi that shows Firefox passing the tests currently?
>>>>>
>>>>
>>>> Hmm, I linked to them on the chromestatus entry, I guess it doesn't
>>>> include them here:
>>>>
>>>> https://wpt.fyi/results/svg/embedded/image-crossorigin.sub.html?label=master&label=experimental&aligned
>>>> https://wpt.fyi/results/webcodecs/videoFrame-construction.crossOriginSource.sub.html?label=master&label=experimental&aligned
>>>>
>>>>
>>>>>
>>>>>
>>>>>>
>>>>>>
>>>>>> Flag name on chrome://flags None
>>>>>>
>>>>>> Finch feature name SvgCrossOriginAttribute
>>>>>>
>>>>>> Non-finch justification
>>>>>>
>>>>>> Minor attribute addition.
>>>>>>
>>>>>>
>>>>>> Requires code in //chrome? False
>>>>>>
>>>>>> Tracking bug
>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=842321
>>>>>>
>>>>>> Launch bug
>>>>>> https://bugs.chromium.org/p/chromium/issues/detail?id=842321
>>>>>>
>>>>>> Estimated milestones
>>>>>> Shipping on desktop 118
>>>>>> Shipping on Android 118
>>>>>>
>>>>>> Anticipated spec changes
>>>>>>
>>>>>> Open questions about a feature may be a source of future web compat
>>>>>> or interop issues. Please list open issues (e.g. links to known github
>>>>>> issues in the project for the feature specification) whose resolution may
>>>>>> introduce web compat/interop risk (e.g., changing to naming or structure
>>>>>> of the API in a non-backward-compatible way).
>>>>>> None
>>>>>>
>>>>>> Link to entry on the Chrome Platform Status
>>>>>> https://chromestatus.com/feature/5109030850134016
>>>>>> --
>>>>>> You received this message because you are subscribed to the Google
>>>>>> Groups "blink-dev" group.
>>>>>> To unsubscribe from this group and stop receiving emails from it,
>>>>>> send an email to blink-dev+unsubscr...@chromium.org.
>>>>>> To view this discussion on the web visit
>>>>>> https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrwdovYUciES4qqjJ3PckFOvc_6yzBVn_b4uKyuA9xwbv6Q%40mail.gmail.com
>>>>>> <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPUDrwdovYUciES4qqjJ3PckFOvc_6yzBVn_b4uKyuA9xwbv6Q%40mail.gmail.com?utm_medium=email&utm_source=footer>
>>>>>> .
>>>>>>
>>
>

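The behaviour change discussed in this thread, as an added example (not Chromium code and not part of any message): a simplified model of the CORS check for a cross-origin SVG <image> load, comparing the outcome with the crossorigin attribute ignored and with it honoured. The function names, origins and header sets are constructed for illustration, and unknown attribute values are assumed to map to anonymous as they do for HTML's crossorigin.

```javascript
// Added example: simplified model of the CORS check for a cross-origin SVG
// <image> load. Function names, origins and header sets are constructed.

// Attribute value -> request mode. null means the attribute is absent.
function corsMode(attr, featureEnabled) {
  if (!featureEnabled || attr === null) return "no-cors";
  // "" and unknown values mean anonymous (assumption: same as HTML crossorigin).
  return attr.toLowerCase() === "use-credentials" ? "use-credentials" : "anonymous";
}

// headers: response headers with lowercase names.
function corsCheckPasses(mode, pageOrigin, headers) {
  const acao = headers["access-control-allow-origin"];
  if (mode === "use-credentials") {
    // Credentialed requests reject the "*" wildcard and need ACAC: true.
    return acao === pageOrigin &&
      headers["access-control-allow-credentials"] === "true";
  }
  return acao === "*" || acao === pageOrigin;
}

// "clean": pixels readable; "tainted": rendered but opaque; "blocked": not loaded.
function loadOutcome(req, featureEnabled) {
  if (req.imageOrigin === req.pageOrigin) return "clean";
  const mode = corsMode(req.attr, featureEnabled);
  if (mode === "no-cors") return "tainted";
  return corsCheckPasses(mode, req.pageOrigin, req.headers) ? "clean" : "blocked";
}

const PAGE = "https://app.example", CDN = "https://cdn.example";
const ANY = { "access-control-allow-origin": "*" };
const CASES = [
  { name: "no attribute, ACAO *", attr: null, headers: ANY },
  { name: "anonymous, ACAO *", attr: "anonymous", headers: ANY },
  { name: "empty attribute, no ACAO", attr: "", headers: {} },
  { name: "use-credentials, ACAO *", attr: "use-credentials",
    headers: { ...ANY, "access-control-allow-credentials": "true" } },
];

// Outcome for each constructed case with the attribute ignored vs honoured.
function behaviourChanges() {
  return CASES.map((c) => {
    const req = { ...c, pageOrigin: PAGE, imageOrigin: CDN };
    return { name: c.name, before: loadOutcome(req, false), after: loadOutcome(req, true) };
  });
}

console.table(behaviourChanges());
```

The second row is the case described in the Security section of the intent; the third is the compatibility case raised in review, where markup already carries the attribute but the server sends no Access-Control-Allow-Origin header.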