Description of the problem
The default crossOrigin of some *Loaders under examples/js/loaders are Anonymous while base Loader‘s is undefined.
IMO, crossOrigin of all *Loaders should be undefined for security and consistency.
If you folks agree with this, I’ll make PR.
These loaders seems to have default Anonymous crossOrigin as far as I know from the grep command.
AssimpJSONLoaderAssimpLoaderBinaryLoaderColladaLoaderGLTFLoaderMTLLoaderVRMLLoader
Three.js version
- Dev
- r87
- …
Browser
- All of them
- Chrome
- Firefox
- Internet Explorer
OS
- All of them
- Windows
- macOS
- Linux
- Android
- iOS
Just working through this now, and in the specific case of
ImageLoader:crossOriginvalue ofundefinedTHREE.CanvasTexturebased on that canvasresults in a security error, because the canvas is “tainted”, so in that particular case
undefinedprobably isn’t a sensible default.