Fetch avatars without CORS

By omitting the crossOrigin attribute, we change avatars to use a non-CORS request to fetch the image. This allows avatars to load even on null origins (fixing element-hq/element-web#26491), but also prevents us from inspecting the image data in JavaScript, for example by using it in a canvas. We weren't doing that of course, so switching to the locked-down non-CORS mode should have no consequences.
element-hq · May 14, 2024 · 5f0b5bd · 5f0b5bd
1 parent aad4342
commit 5f0b5bd
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/src/components/Avatar/Avatar.tsx b/src/components/Avatar/Avatar.tsx
@@ -121,7 +121,6 @@ export const Avatar = forwardRef<
           loading="lazy"
           alt=""
           src={src}
-          crossOrigin="anonymous"
           referrerPolicy="no-referrer"
           className={classnames(styles.image)}
           data-type={type}