View Issue Details
| ID | Project | Category | View Status | Date Submitted | Last Update |
|---|---|---|---|---|---|
| 0004989 | Taler | wallet (WebExtension) | public | 2017-04-14 21:29 | 2017-06-06 14:18 |
| Reporter | sharethewisdom | Assigned To | Florian Dold | ||
| Priority | high | Severity | crash | Reproducibility | always |
| Status | closed | Resolution | fixed | ||
| OS | linux | OS Version | 4.8.13-1-ARCH | ||
| Product Version | 0.2 | ||||
| Target Version | 0.3 | Fixed in Version | 0.3 | ||
| Summary | 0004989: chromeBadge.js:107 Failed to execute 'getImageData': The canvas has been tainted by cross-origin data. | ||||
| Description | I was trying this out for the first time. The installation state on https://bank.demo.taler.net reads "Wallet not installed". Contrary to issue 0004682, withdrawal does not work for me there. | ||||
| Steps To Reproduce | in chrome://extensions/ click Inspect views: src/background/background.html in the console, I find the following error: Uncaught (in promise) DOMException: Failed to execute 'getImageData' on 'CanvasRenderingContext2D': The canvas has been tainted by cross-origin data. [...] | ||||
| Tags | No tags attached. | ||||
|
|
Which version of Chrome is this? |
|
|
Chromium version 57.0.2987.133 (64-bit) (with these flags which may not matter:) --enable-potentially-annoying-security-features --enable-strict-mixed-content-checking |
|
|
Ah, interesting. The problem only occurs with these flags enabled. It seems that Chromium prevents calls to "getImageData" in order to defend against canvas fingerprinting? I don't see where we touch data that comes from another origin, we only use primitive drawing operations and text drawing. "Fixed" here: https://git.taler.net/wallet-webex.git/commit/?id=e6e0cbc387c2a77b48e4065c229daa65bf1aa0fa This means that with these extra security features enabled, we can't have the extension icon rendered via canvas. Not sure if it makes sense that Chromium tries to prevent extensions from canvas fingerprinting .... |
| Date Modified | Username | Field | Change |
|---|---|---|---|
| 2017-04-14 21:29 | sharethewisdom | New Issue | |
| 2017-04-14 21:29 | sharethewisdom | Status | new => assigned |
| 2017-04-14 21:29 | sharethewisdom | Assigned To | => Florian Dold |
| 2017-04-15 16:02 | Christian Grothoff | Note Added: 0012037 | |
| 2017-04-15 16:02 | Christian Grothoff | Target Version | => 0.3 |
| 2017-04-15 16:31 | sharethewisdom | Note Added: 0012038 | |
| 2017-04-19 01:17 | Florian Dold | Note Added: 0012047 | |
| 2017-04-19 01:17 | Florian Dold | Status | assigned => resolved |
| 2017-04-19 01:17 | Florian Dold | Resolution | open => fixed |
| 2017-04-19 13:36 | Christian Grothoff | Fixed in Version | => 0.3 |
| 2017-06-06 14:18 | Christian Grothoff | Status | resolved => closed |
| 2023-04-13 20:37 | Florian Dold | Category | wallet (WebExtensions) => wallet (WebExtension) |
