I was just playing around with setting up a second host for models and images and ran into a CORS issue that
would be fixed by adding a image.crossOrigin = ‘anonymous’ statement somewhere around here:
I was wondering what is the take on adding crossOrigin assignments on all images? Am I wrong in thinking
that there is a crossOrigin assignment missing there or is there a security issue if that is added?
(My endpoint did have the CORS headers, i.e. access-control-allow-origin: “*”, so it wasn’t the server
causing the error in the browser.)
This is definitely an issue as it should go to our common loadImage code path which is assigning this correctly. Also it would prevent other functionnality to be working for instance in worker and such.