Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add tests for HTMLMediaElement.crossOrigin #16971

Open
Ms2ger opened this issue May 23, 2019 · 1 comment
Open

Add tests for HTMLMediaElement.crossOrigin #16971

Ms2ger opened this issue May 23, 2019 · 1 comment
Labels
html type:missing-coverage

Comments

@Ms2ger
Copy link
Contributor

Ms2ger commented May 23, 2019

Spec: https://html.spec.whatwg.org/multipage/media.html#concept-media-load-resource
@guest271314
Copy link
Contributor

Should the tests be designed based on what is described should occur at

Fetch request.

The response’s unsafe response obtained in this fashion, if any, contains the media data. It can be CORS-same-origin or CORS-cross-origin; this affects whether subtitles referenced in the media data are exposed in the API and, for video elements, whether a canvas gets tainted when the video is drawn on it.

and

https://html.spec.whatwg.org/multipage/urls-and-fetching.html#cors-settings-attribute

Keyword State Brief description
anonymous Anonymous Requests for the element will have their mode set to "cors" and their credentials mode set to "same-origin".
use-credentials Use Credentials Requests for the element will have their mode set to "cors" and their credentials mode set to "include".

The empty string is also a valid keyword, and maps to the Anonymous state. The attribute's invalid value default is the Anonymous state. For the purposes of reflection, the canonical case for the Anonymous state is the anonymous keyword. The missing value default, used when the attribute is omitted, is the No CORS state.

The majority of fetches governed by CORS settings attributes will be done via the create a potential-CORS request algorithm.

For module scripts, certain CORS settings attributes have been repurposed to have a slightly different meaning, wherein they only impact the request's credentials mode (since the mode is always "cors"). To perform this translation, we define the module script credentials mode for a given CORS settings attribute to be determined by switching on the attribute's state:

No CORS
Anonymous
"same-origin"
Use Credentials
"include"

that is, whether or not an image from <video> can be drawn onto a <canvas> and whether or not Web Audio API can use cross-origin media data (https://stackoverflow.com/a/31907336)? Should the tests also include how MediaRecorder and WebRTC handle the attribute being set where the underlying media resource passed to those API's is sourced from an HTMLMediaElement?

What should be the effect of using HTMLMediaElement.crossOrigin = "use-credentials" compared to using crossOrigin = "anonymous"?

There are some existing tests at

See also

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
html type:missing-coverage
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@Ms2ger @guest271314