Skip to content

fix: add crossOrigin configuration to video examples to prevent WebGL SecurityError #406

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

fix: add crossOrigin configuration to video examples to prevent WebGL SecurityError #406

wants to merge 1 commit into from

Conversation

@aomsir
Copy link

@aomsir aomsir commented Nov 18, 2025
edited by cursor bot
Loading

Background

When video assets are served from a different origin, the examples may load successfully and play audio, but the video image fails to render in WebGL. Browsers then raise a SecurityError similar to:

Failed to execute 'texImage2D' on 'WebGLRenderingContext':
The video element contains cross-origin data, and may not be loaded.

This occurs because WebGL cannot upload video frames as textures unless the video element is initialized with a crossOrigin attribute and the resource is CORS-enabled.

Purpose of This Change

Adding this.load.setCORS('anonymous') ensures that the video element is created with the correct cross-origin configuration. This prevents the WebGL SecurityError and allows video frames to render correctly when assets are hosted on different origins (local development, CDN setups, etc.).

Impact

  • No breaking changes.
  • No effect on same-origin setups.
  • Improves reliability of all video examples in common developer environments.

If further changes or adjustments are preferred, I can update the PR accordingly.

Note

Adds this.load.setCORS('anonymous') to video example preloaders so cross-origin videos render correctly in WebGL.

  • Video examples: Configure anonymous CORS for video assets
    • public/3.86/src/game objects/video/*:
      • Added this.load.setCORS('anonymous') in preload() across examples (change video source, get first video frame, loop video, multiple video instances, multiple videos, on complete event, play video, stream video from webcam, transparent video, video as shader texture, video controls, video set current time, video snapshot area, video snapshot, video to sprites, video transition).
    • public/3.55/src/game objects/video/play video.js:
      • Added this.load.setCORS('anonymous') before setting BaseURL.

Written by Cursor Bugbot for commit 9b6ead7. This will update automatically on new commits. Configure here.

@aomsir
fix: add CORS support for video examples loading from CDN
9b6ead7 
- Add setCORS('anonymous') to all video examples that load from CDN (3.86, 3.55)
- Remove CORS settings from local video examples (3.24, public/src)
- Ensure proper video playback across different domains
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@aomsir