環境
Google Chrome バージョン: 79.0.3945.130(Official Build)
やりたいこと
imgタグでsvgを表示したいが、chromeで下記エラーとなり表示されない
Cross-Origin Read Blocking (CORB) blocked cross-origin response https://hogehoge/fuga.svg with MIME type text/plain. See https://www.chromestatus.com/feature/5629709824032768 for more details.
↓
See https://www.chromestatus.com/feature/5629709824032768 https://www.chromestatus.com/feature/5629709824032768 とあるので内容確認
Cross-Origin Read Blocking (CORB) is an algorithm that can identify and block dubious cross-origin resource loads in web browsers before they reach the web page. CORB reduces the risk of leaking sensitive data by keeping it further from cross-origin web pages. In most browsers, it keeps such data out of untrusted script execution contexts. In browsers with Site Isolation, it can keep such data out of untrusted renderer processes entirely, helping even against side channel attacks like Spectre.
→疑わしいcross-origin resource (オリジン間リソース)をブロックするセキュリティがChrome73から実装されている様子
やったこと
パラメータにsanitize=trueを追加する
<img width="148px" src="https://hogehoge/fuga.svg">
↓
<img width="148px" src="https://hogehoge/fuga.svg?sanitize=true">
Comments