diff --git a/engine/src/flutter/lib/web_ui/lib/src/engine/html_image_element_codec.dart b/engine/src/flutter/lib/web_ui/lib/src/engine/html_image_element_codec.dart index 2bd6ccabc5..4323330a1b 100644 --- a/engine/src/flutter/lib/web_ui/lib/src/engine/html_image_element_codec.dart +++ b/engine/src/flutter/lib/web_ui/lib/src/engine/html_image_element_codec.dart @@ -45,6 +45,7 @@ abstract class HtmlImageElementCodec implements ui.Codec { imgElement = createDomHTMLImageElement(); imgElement!.src = src; setJsProperty(imgElement!, 'decoding', 'async'); + setJsProperty(imgElement!, 'crossOrigin', 'anonymous'); // Ignoring the returned future on purpose because we're communicating // through the `completer`. diff --git a/engine/src/flutter/lib/web_ui/lib/src/engine/safe_browser_api.dart b/engine/src/flutter/lib/web_ui/lib/src/engine/safe_browser_api.dart index 59d9f7a07e..a62b2e034c 100644 --- a/engine/src/flutter/lib/web_ui/lib/src/engine/safe_browser_api.dart +++ b/engine/src/flutter/lib/web_ui/lib/src/engine/safe_browser_api.dart @@ -40,6 +40,7 @@ T getJsProperty(Object object, String name) { } const Set _safeJsProperties = { + 'crossOrigin', 'decoding', '__flutter_state', }; diff --git a/engine/src/flutter/lib/web_ui/test/canvaskit/image_golden_test.dart b/engine/src/flutter/lib/web_ui/test/canvaskit/image_golden_test.dart index b5c5c6085b..e0681ce6e1 100644 --- a/engine/src/flutter/lib/web_ui/test/canvaskit/image_golden_test.dart +++ b/engine/src/flutter/lib/web_ui/test/canvaskit/image_golden_test.dart @@ -253,6 +253,19 @@ Future testMain() async { } }); + test('crossOrigin requests cause an error', () async { + final String otherOrigin = + domWindow.location.origin.replaceAll('localhost', '127.0.0.1'); + bool gotError = false; + try { + final ui.Codec _ = await renderer.instantiateImageCodecFromUrl( + Uri.parse('$otherOrigin/test_images/1x1.png')); + } catch (e) { + gotError = true; + } + expect(gotError, isTrue, reason: 'Should have got CORS error'); + }); + _testCkAnimatedImage(); test('isAvif', () {