Skip to content

Commit 1a6b76d

Browse files
andrewserongadamsilversteint-hamanoinc2734
authored andcommitted
Cross Origin Isolation: Remove img from the list of elements that get mutated (#76618)
* Try to fix image previews for images without CORS in 7.0 * Add backport changelog for core PR #11291 --------- Co-authored-by: adamsilverstein <adamsilverstein@earthboundhosting.com> Co-authored-by: andrewserong <andrewserong@git.wordpress.org> Co-authored-by: adamsilverstein <adamsilverstein@git.wordpress.org> Co-authored-by: t-hamano <wildworks@git.wordpress.org> Co-authored-by: inc2734 <inc2734@git.wordpress.org>
1 parent 2af539b commit 1a6b76d

File tree

5 files changed

+18
-12
lines changed

5 files changed

+18
-12
lines changed

‎backport-changelog/7.0/11291.md‎

Lines changed: 3 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,3 @@
1+
https://github.com/WordPress/wordpress-develop/pull/11291
2+
3+
* https://github.com/WordPress/gutenberg/pull/76618

‎lib/media/load.php‎

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -345,7 +345,6 @@ function gutenberg_add_crossorigin_attributes( string $html ): string {
345345
// See https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin.
346346
$tags = array(
347347
'AUDIO' => 'src',
348-
'IMG' => 'src',
349348
'LINK' => 'href',
350349
'SCRIPT' => 'src',
351350
'VIDEO' => 'src',

‎packages/block-editor/src/hooks/cross-origin-isolation.js‎

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -27,14 +27,14 @@ if ( window.crossOriginIsolated ) {
2727
return;
2828
}
2929

30-
el.querySelectorAll(
31-
'img,source,script,video,link'
32-
).forEach( ( v ) => {
33-
addCrossOriginAttribute( v );
34-
} );
30+
el.querySelectorAll( 'source,script,video,link' ).forEach(
31+
( v ) => {
32+
addCrossOriginAttribute( v );
33+
}
34+
);
3535

3636
if (
37-
[ 'IMG', 'SOURCE', 'SCRIPT', 'VIDEO', 'LINK' ].includes(
37+
[ 'SOURCE', 'SCRIPT', 'VIDEO', 'LINK' ].includes(
3838
el.nodeName
3939
)
4040
) {

‎packages/block-editor/src/hooks/test/cross-origin-isolation.js‎

Lines changed: 7 additions & 3 deletions
Original file line numberDiff line numberDiff line change
@@ -152,7 +152,7 @@ describe( 'cross-origin-isolation', () => {
152152
expect( observeSpy ).not.toHaveBeenCalled();
153153
} );
154154

155-
it( 'should add crossorigin="anonymous" to images', async () => {
155+
it( 'should not add crossorigin="anonymous" to images', async () => {
156156
Object.defineProperty( window, 'crossOriginIsolated', {
157157
value: true,
158158
writable: true,
@@ -172,8 +172,12 @@ describe( 'cross-origin-isolation', () => {
172172
// Wait for MutationObserver callback to fire (async microtask).
173173
await new Promise( ( resolve ) => setTimeout( resolve, 0 ) );
174174

175-
// The image should get the crossorigin attribute
176-
expect( img ).toHaveAttribute( 'crossorigin', 'anonymous' );
175+
// Images should NOT get the crossorigin attribute.
176+
// Under Document-Isolation-Policy: isolate-and-credentialless,
177+
// the credentialless mode handles image loading without CORS headers.
178+
// Adding crossorigin="anonymous" would override this and break
179+
// external images that don't serve CORS headers.
180+
expect( img ).not.toHaveAttribute( 'crossorigin' );
177181

178182
document.body.removeChild( img );
179183
} );

‎phpunit/media/media-processing-test.php‎

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -163,8 +163,8 @@ public function test_add_crossorigin_attributes() {
163163
HTML;
164164

165165
$expected = <<<HTML
166-
<img crossorigin="anonymous" src="https://www.someothersite.com/test1.jpg" />
167-
<img crossorigin="anonymous" src="test2.jpg" />
166+
<img src="https://www.someothersite.com/test1.jpg" />
167+
<img src="test2.jpg" />
168168
<audio crossorigin="anonymous"><source src="https://www.someothersite.com/test1.mp3"></audio>
169169
<audio crossorigin="anonymous" src="https://www.someothersite.com/test1.mp3"></audio>
170170
<audio src="/test2.mp3"></audio>

0 commit comments

Comments
 (0)