Page MenuHomePhabricator
Create Task
Maniphest T406377

Image Browsing: iOS 12, 15 have CORS failures if wiki is on HTTP
Closed, DuplicatePublic1 Estimated Story Points
Actions

Description

(after applying T406365 fix) In local testing with iOS 12 and 15 devices, we seem to have some failures in the CORS anonymous loads of images (needed to get at the cross-origin data to calculate average color and crop position). This may be inconsistent and depend on config and factors, but seems to be the case when redirects get involved:

on iOS 12:

[Error] Unable to get image data from canvas because the canvas has been tainted by cross-origin data.
	getColor (load.php:10:643)
	compute (load.php:38:794)
	onLoad (load.php:38:1046)
[Error] Error: FastAverageColor: security error (CORS) for resource http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/300px-GrandCanyon.NASA.2014.jpg.
[Error] Cross-origin redirection to https://upload.wikimedia.org/wikipedia/commons/thumb/3/31/Canyon_River_Tree_%28165872763%29.jpeg/1280px-Canyon_River_Tree_%28165872763%29.jpeg denied by Cross-Origin Resource Sharing policy: Origin http://moya.local:8080 is not allowed by Access-Control-Allow-Origin.
[Error] Cannot load image http://upload.wikimedia.org/wikipedia/commons/thumb/3/31/Canyon_River_Tree_%28165872763%29.jpeg/1280px-Canyon_River_Tree_%28165872763%29.jpeg due to access control checks.
[Error] Failed to load resource: Cross-origin redirection to https://upload.wikimedia.org/wikipedia/commons/thumb/3/31/Canyon_River_Tree_%28165872763%29.jpeg/1280px-Canyon_River_Tree_%28165872763%29.jpeg denied by Cross-Origin Resource Sharing policy: Origin http://moya.local:8080 is not allowed by Access-Control-Allow-Origin. (1280px-Canyon_River_Tree_(165872763).jpeg, line 0)
[Error] [SmartCrop] error: – EncodingError: Access control error.

on iOS 15:

[Error] Cross-origin redirection to http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/300px-GrandCanyon.NASA.2014.jpg denied by Cross-Origin Resource Sharing policy: Origin http://moya.local:8080 is not allowed by Access-Control-Allow-Origin. Status code: 301
[Error] Cannot load image http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/300px-GrandCanyon.NASA.2014.jpg due to access control checks.
[Error] Failed to load resource: Cross-origin redirection to http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/300px-GrandCanyon.NASA.2014.jpg denied by Cross-Origin Resource Sharing policy: Origin http://moya.local:8080 is not allowed by Access-Control-Allow-Origin. Status code: 301 (300px-GrandCanyon.NASA.2014.jpg, line 0)
[Error] Cross-origin redirection to http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/1280px-GrandCanyon.NASA.2014.jpg denied by Cross-Origin Resource Sharing policy: Origin http://moya.local:8080 is not allowed by Access-Control-Allow-Origin. Status code: 301
[Error] Cannot load image http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/1280px-GrandCanyon.NASA.2014.jpg due to access control checks.
[Error] Failed to load resource: Cross-origin redirection to http://upload.wikimedia.org/wikipedia/commons/thumb/5/56/GrandCanyon.NASA.2014.jpg/1280px-GrandCanyon.NASA.2014.jpg denied by Cross-Origin Resource Sharing policy: Origin http://moya.local:8080 is not allowed by Access-Control-Allow-Origin. Status code: 301 (1280px-GrandCanyon.NASA.2014.jpg, line 0)
[Error] [SmartCrop] error: – EncodingError: Access control error.

Details

Related Changes in Gerrit:
SubjectRepoBranchLines +/-
Image browsing: Fix for CORS image loads on iOS 12, 15mediawiki/extensions/ReaderExperimentsmaster+51 -3
Image browsing: Fix for CORS image loads on iOS 12, 15mediawiki/extensions/ReaderExperimentsmaster+10 -3
Customize query in gerrit

Related Objects

Event Timeline

bvibber created this task.Oct 3 2025, 7:00 PM
Restricted Application added a subscriber: Aklapper. · View Herald TranscriptOct 3 2025, 7:00 PM
bvibber updated the task description. (Show Details)Oct 3 2025, 7:00 PM
gerritbot added a comment.Oct 3 2025, 7:01 PM

Change #1193479 had a related patch set uploaded (by Bvibber; author: Bvibber):

[mediawiki/extensions/ReaderExperiments@master] Image browsing: Fix for CORS image loads on iOS 12, 15

https://gerrit.wikimedia.org/r/1193479

gerritbot added a project: Patch-For-Review.Oct 3 2025, 7:01 PM
bvibber moved this task from Committed to Doing on the Reader Growth Team (Sprint 1 (Sep 20 - Oct 13) Q2 2025/2026) board.Oct 3 2025, 7:01 PM
bvibber moved this task from Doing to Code Review on the Reader Growth Team (Sprint 1 (Sep 20 - Oct 13) Q2 2025/2026) board.
bvibber mentioned this in T406379: Bug Bash: The Sequel- 2 Old 2 Browsers.Oct 3 2025, 7:07 PM
egardner triaged this task as High priority.Oct 6 2025, 4:20 PM
egardner set the point value for this task to 1.
gerritbot added a comment.Oct 6 2025, 11:08 PM

Change #1193479 merged by jenkins-bot:

[mediawiki/extensions/ReaderExperiments@master] Image browsing: Fix for CORS image loads on iOS 12, 15

https://gerrit.wikimedia.org/r/1193479

Maintenance_bot removed a project: Patch-For-Review.Oct 6 2025, 11:30 PM
ReleaseTaggerBot added a project: MW-1.45-notes (1.45.0-wmf.22; 2025-10-07).Oct 7 2025, 12:00 AM
gerritbot added a comment.Oct 7 2025, 12:52 PM

Change #1194189 had a related patch set uploaded (by Matthias Mullie; author: Matthias Mullie):

[mediawiki/extensions/ReaderExperiments@master] Only target protocol-relative urls

https://gerrit.wikimedia.org/r/1194189

gerritbot added a project: Patch-For-Review.Oct 7 2025, 12:52 PM
gerritbot added a comment.Oct 8 2025, 9:15 PM

Change #1194189 merged by jenkins-bot:

[mediawiki/extensions/ReaderExperiments@master] Image browsing: Fix for CORS image loads on iOS 12, 15

https://gerrit.wikimedia.org/r/1194189

Maintenance_bot removed a project: Patch-For-Review.Oct 8 2025, 9:31 PM
ReleaseTaggerBot edited projects, added: MW-1.45-notes (1.45.0-wmf.23; 2025-10-14); removed: MW-1.45-notes (1.45.0-wmf.22; 2025-10-07).Oct 8 2025, 10:00 PM
bvibber moved this task from Code Review to QA on the Reader Growth Team (Sprint 1 (Sep 20 - Oct 13) Q2 2025/2026) board.Oct 9 2025, 3:45 PM
lwatson subscribed.EditedOct 9 2025, 6:13 PM
QA on beta

Steps:

  1. Navigate to a wiki page on beta and enable image browsing and minerva skin via URL params https://en.wikipedia.beta.wmcloud.org/wiki/Berlin?imageBrowsing=true&useskin=minerva
  2. The image browsing feature should be visible under the article title.

QA:

  • Verify that there are no errors in the browser console, specifically any CORS-related error.
  • Verify that images are loading as expected.
Findings

Note: I'm only able to test iOS 12 on-device. Simulator allows versions iOS 15-18, but 15 is unsupported on my MacBook.

iOS 12

  • No errors in the console when navigating to https and images load as expected.
  • CORS errors are present in the console when navigating to http, page redirects to https, and images load as expected. Screenshot below from Safari on iOS 12 iPad developer tools.
    T406377 QA_on-device_iPad iOS12.png (1,984×1,272 px, 549 KB)

cc: @bvibber are these findings expected?

lwatson attached a referenced file: F66740429: T406377 QA_on-device_iPad iOS12.png. (Show Details)Oct 9 2025, 6:42 PM
bvibber added a comment.Oct 9 2025, 8:44 PM

@lwatson thanks! let me double-check those remaining errors

bvibber added a comment.Oct 9 2025, 8:54 PM

@lwatson ok, confirmed those results are as expected -- the remaining errors in console are additional problems that happen on 12 that didn't happen on 15. So that is as expected -- it skips over the redirect, loads the images, and then the color detection still errors out. ;)

bvibber mentioned this in T406942: ImageBrowsing: iOS 12 CORS setup fails, tainting canvas for FastAverageColor.Oct 9 2025, 9:50 PM
lwatson added a comment.Oct 10 2025, 6:07 PM

Do you need another set of eyes to confirm the expected behavior of iOS 15? If not, then I'm happy to move this to signoff.

Edtadros subscribed.Oct 10 2025, 7:00 PM

@bvibber @lwatson, do you want me to test this on a specific iOS version/device on browserstack?

egardner closed this task as a duplicate of T406379: Bug Bash: The Sequel- 2 Old 2 Browsers.Oct 13 2025, 10:35 PM
matthiasmullie added a project: ReaderExperiments-ImageBrowsing.Jan 6 2026, 1:14 PM
Restricted Application edited projects, added: Reader Growth Team; removed: Reader Growth Team (Sprint 1 (Sep 20 - Oct 13) Q2 2025/2026). · View Herald TranscriptJan 6 2026, 1:14 PM
Aklapper edited projects, added: Reader Growth Team (Sprint 1 (Sep 20 - Oct 13) Q2 2025/2026); removed: Reader Growth Team.Jan 6 2026, 1:59 PM
Content licensed under Creative Commons Attribution-ShareAlike (CC BY-SA) 4.0 unless otherwise noted; code licensed under GNU General Public License (GPL) 2.0 or later and other open source licenses. By using this site, you agree to the Terms of Use, Privacy Policy, and Code of Conduct. · Wikimedia Foundation · Privacy Policy · Code of Conduct · Terms of Use · Disclaimer · CC-BY-SA · GPL · Credits