237818 – Canvas export fails due to security reasons because of CanvasPattern

Bug 237818 - Canvas export fails due to security reasons because of CanvasPattern

Summary: Canvas export fails due to security reasons because of CanvasPattern

Status:	NEW

Alias:	None

Product:	WebKit
Classification:	Unclassified
Component:	Canvas (show other bugs)
Version:	Safari 15
Hardware:	Unspecified macOS 12

Importance:	P2 Normal
Assignee:	Nobody

URL:
Keywords:	InRadar

Depends on:
Blocks:

Reported:	2022-03-13 04:21 PDT by Eduard Kuzmenko
Modified:	2022-03-14 13:43 PDT (History)
CC List:	4 users (show)

See Also:

Attachments
Add an attachment (proposed patch, testcase, etc.)

Note You need to log in before you can comment on or make changes to this bug.

Description Eduard Kuzmenko 2022-03-13 04:21:03 PDT

Export fails with error: 'Operation is insecure' when canvas is being filled with pattern, which was created using an image from the same origin. Chrome does not have this issue.

Steps to Reproduce:
- Get an image from the same origin (header 'Access-Control-Allow-Origin: *' must not be present)
- Wait for its load
- Create CanvasPattern using the image
- Fill the canvas with created pattern
- Try to use canvas.toBlob() and it'll fail with 'operation is insecure'

Example: https://jsfiddle.net/morethanwords/4u0L5gdn/54/

Temporary solution: draw the image to additional canvas and create the pattern using the canvas, instead of image.

Comment 1 Radar WebKit Bug Importer 2022-03-14 08:55:41 PDT

<rdar://problem/90248577>