fix(filmstrip): remove crossOrigin=anonymous from probe video element
The /video endpoint requires session auth (requireAuth middleware). crossOrigin='anonymous' strips cookies from the request → 401 → video never loads → 15s timeout → filmstrip stays empty for all clips. Same-origin video does not need crossOrigin for canvas drawImage — the taint restriction only applies to cross-origin resources.
This commit is contained in:
parent
5edb4df35a
commit
b3c61134fc
1 changed files with 4 additions and 1 deletions
|
|
@ -90,7 +90,10 @@ function AssetDetail({ asset, onClose }) {
|
|||
const build = async function() {
|
||||
setFilmstripLoading(true);
|
||||
const probe = document.createElement('video');
|
||||
probe.crossOrigin = 'anonymous';
|
||||
// Do NOT set crossOrigin — the /video endpoint is same-origin and requires
|
||||
// session cookies. crossOrigin='anonymous' strips credentials → 401 → load
|
||||
// fails → filmstrip never builds. Same-origin video can be drawn to canvas
|
||||
// without crossOrigin (no taint applies).
|
||||
probe.muted = true;
|
||||
probe.playsInline = true;
|
||||
probe.preload = 'auto';
|
||||
|
|
|
|||
Loading…
Reference in a new issue