We are about to switch to a new forum software. Until then we have removed the registration on this forum.
I'm testing in a host (meaning not local). What I can't understand is that html images do show fine though...
Any help on this? Thanks.
the test looks like this:
Cross-origin image load denied by Cross-Origin Resource Sharing policy.
the code goes like:
var canvas;
// window size
var w , h ;
// canvas width and height
var cw, ch;
//canvas positioning
var cx, cy;
// % of w to be canvas size
var w_prop = 1.;
var h_prop = 1.;
//img url
var imgURL = 'http:'+'//www.clker.com/cliparts/9/0/f/5/1194986802274589086football_ball_brice_boye_01.svg.med.png';
var img;
var htmlImg;
function setup() {
// window size
w = windowWidth, h = windowHeight;
// calc everything
calcSizes();
// create canvas
canvas = createCanvas(cw, 100);//thats temp hard number
// positining
canvas.position(cx, cy);
img = loadImage(imgURL);
// this works
htmlImg = createImg(imgURL);
}
function draw() {
background(frameCount%255, 130,0);
//this don't
image(img,100,100);
}
// if window is resized, recalc stuff.
function windowResized(){
calcSizes();
resizeCanvas(cw, ch);
canvas.position(cx,cy);
}
// that's it
var calcSizes = function(){
w = windowWidth, h = windowHeight;
// canvas width and height
cw = w * w_prop;
ch = h * h_prop;
//canvas positioning
cx = 0;//(w - cw) / 2.0;
cy = 0;//100.0;
}
Answers
https://developer.Mozilla.org/en-US/docs/Web/API/HTMLImageElement/Image
https://developer.Mozilla.org/en-US/docs/Web/HTML/Element/img#attr-src
Thanks @GoToLoop going to check that. I'll be back.
https://GitHub.com/processing/p5.js/blob/master/src/image/loading_displaying.js#L96
null
. It then triggers it to reload it as tainted! :ar!P.S.: That
errEvt.target.src = errEvt.target.src;
is weird...However, my Chrome-based browser needed that in order to trigger the reload! 8-}
Firefox works just fine w/o that btW! 8-|
Another P.S.:
This approach to load tainted images can't be used within preload() unfortunately!:(@GoToLoop
I haven't have time to go trough this yet. I will as soon as I can. In the meantime could you provide me with a clarification? I've searched, but could not find the meaning of tainted image in this context. What is it? Thanks!Never mind I found it. :\">
@GoToLoop Finally i got time to try it out. Amazing!! It Just works! Thanks very much! You can see and test it here.
How would I catch 404 errors. I can't figure?
Is this a security flaw? Should I bother?
Another way to do this would be via php?
If I try to loadImage() (without you hack) via node.js would I be facing the same issue?
Thanks.
Glad it worked for ya! Let's hope the official loadImage() gets better in the future! O:-)
Although I'm intermediary in JS, I'm still pretty much ignorant about DOM, HTML & CSS! X_X
W/ that in mind, lemme try to answer those: :(|)
I doubt that the Event triggered by HTMLImageElement would have such property!
I'm afraid that you're gonna need an XMLHttpRequest instead:
https://developer.Mozilla.org/en-US/docs/Web/API/XMLHttpRequest
It got lotsa informative properties like status & responseType for example:
https://developer.Mozilla.org/en-US/docs/Web/API/XMLHttpRequest/status
https://developer.Mozilla.org/en-US/docs/Web/API/XMLHttpRequest/responseType
Within my loadImageErrorOverride() "band-aid", it's assumed its 1st trigger is due to CORS.
By assigning
null
to crossOrigin, next time it triggers, it knows it's the 2nd time by checking crossOrigin out fornull
.Therefore for the 2nd trigger, the cause isn't CORS anymore and much probably it's due the URL doesn't exist after all.
Nope & not much. Although tainted images do contaminate any canvas they touch.
A tainted canvas can't have its content read anymore. Beware of it though! #-o
Dunno PHP. Sorry!
I know lil' 'bout Node.js and IO.js. But since they're based on the same Chrome/Chromium JS VM runtime, it's expected to have similar issues.
Although I believe since they're server-side JS solutions, they're expected to ignore CORS issues! [-O<
Has anyone tried this workaround in instance mode? I simply can't get it to work in instance mode. Weirdly (at least in chrome) I'm seeing this example code launch the print interface when I convert it to instance mode. WTFBBQ?
Hi @gregab. Instance mode demands that all p5.js' API should be called via the reference passed as the parameter of the wrapper function. In turn, that function is passed to p5's constructor.
Take a look at these 2 links below to have some better idea how it works: :-bd
Anyways, I've just converted my old workaround "fix" to use instantiation mode now too. :bz
You can also check it online here: http://CodePen.io/anon/pen/zqbZYV?editors=1010
P.S.: The choice to name the sketch's passed parameter as p is merely a Processing's convention. We can call it anything else of course. :P
Recalled there were some fixes in preload() that allows for the workaround to work there as well now.
Here's version 2.1+ altered to loadImage() inside preload() under more recent p5.js versions: \m/
http://CodePen.io/anon/pen/zqbZYV?editors=0010
https://GitHub.com/processing/p5.js/issues/802
@GoToLoop What are tainted images?
In your last post, you draw your image in line 27. Your function loadImgErrFix assigns
pic.src = pic.src;
How is this related to the img object so for the whole thing to work at the end?Last question. CORS issue is resolved by setting up a local server? Then one should not care about implementing this fix, correct?
Kf
@kfrajer, we should avoid unnecessarily dredging 1+ year forum threads. But whatever! :P
A tainted image is an HTMLImageElement object which was acquired from a server which hasn't explicitly setup CORS permission for that image file. =;
Though we can freely display tainted images in our webpages, we can't read nor modify their pixels! :-O
And once a tainted HTMLImageElement is copied to an HTMLCanvasElement, the later becomes tainted as well! :-&
Obviously, all relative paths within the confines of the root folder don't need any CORS. :-bd
Not exactly. Only relative path accesses within the confines of some ".html" page are free from CORS demand. :-B
Anything else gotta have explicit CORS permission or else the grabbed image becomes tainted! 3:-O
As I had mentioned in my solution post,
pic.src = pic.src;
was only necessary for Chrome-based browsers for re-triggering the download. L-)In my experiment back then,
pic.crossOrigin = null
was already enough to trigger the re-loading attempt for Firefox-based browsers. \m/But you might ask: How can assignment operations trigger anything? :-/
Guess what, both crossOrigin & src properties are actually getter & setter functions: @-)
https://developer.Mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/get
https://developer.Mozilla.org/en-US/docs/Web/JavaScript/Reference/Functions/set
That is, every reading & writing access to those 2 properties are replaced by an action of invoking an appropriate
function
instead! ;)The problem was that after turning off CORS request by assigning
null
to getter/setter property crossOrigin, I also had to assign something to getter/setter property src in order to trigger its reloading action in Chromium.Well, how about assigning its own value back to itself just for re-triggering's sake. :ar!
@GoToLoop
Thank you for your detail explanation. I believe the tainted explanation was missing in this post.
The CORS permissions is dependent on each browser? Or is defined by the server? You might have already answered this question here:
But then, I also remember prev posts were you said that FireFox do not have CORS restriction (?) and Chrome is another option only if you tag your Chrome's run command with some additional parameters.
Last thing,
So how come you are able to disable cors this way? The re-Triggering downloading this way is guaranteed to always succeed? Now, would you qualify this as a hack? Or is there a proper way to retrieve these elements?
Kf
file://
scheme.file://
scheme. X(I've already said that we need to assign
null
to getter/setter property crossOrigin from an HTMLImageElement object. :-@This way we can grab the image from its server, even though it arrives tainted! :-&