Created on 30 June 2020, over 4 years ago
Updated 12 September 2023, over 1 year ago

It seems, that image_widget_crop doesn't work with S3 storage. We have images stored at flysystem_s3. I tried implement Image Widget Crop, but I see only grey layer. So I tried same configuration with local storage and it works fine.

I am using https://cdnjs.cloudflare.com/ajax/libs/cropper/4.0.0/cropper.min.js library.

πŸ› Bug report
Status

Needs work

Version

2.3

Component

Crop

Created by

πŸ‡¨πŸ‡ΏCzech Republic siva01

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

Not all content is available!

It's likely this issue predates Contrib.social: some issue and comment data are missing.

  • πŸ‡§πŸ‡ΎBelarus mozh92

    It works for me with s3, thanks

  • Issue was unassigned.
  • Status changed to RTBC over 1 year ago
  • Open in Jenkins β†’ Open on Drupal.org β†’
    Core: 9.5.x + Environment: PHP 7.3 & MySQL 5.7
    last update over 1 year ago
    4 pass
  • πŸ‡ΈπŸ‡°Slovakia kaszarobert

    Well, we're using patch #4 in production for a big news corporation since last year and they never mentioned cropping issues while doing 50-100 new articles every day. So to stop stalling this issue for years I guess the maintainer should now decide if this feature will be included or not.

  • Status changed to Needs work about 2 months ago
  • πŸ‡³πŸ‡±Netherlands eelkeblok Netherlands πŸ‡³πŸ‡±

    What are the security implications? Why is this set to anonymous in the first place? "Works for me" is not really a ringing endorsement for a patch that has security implications :)

  • πŸ‡ΈπŸ‡°Slovakia kaszarobert

    According to the https://github.com/fengyuanchen/cropperjs#checkcrossorigin by default when the JS library is loaded, it clones the image element and makes an AJAX request for the image file to do some orientation metadata checking. And in case of native S3 URLs, it will mean sending AJAX request to a different domain, so that will not work because it's a cross-domain AJAX request with missing CORS headers in S3. And the documentation states that setting checkCrossOrigin to false means that it will not do this AJAX call.
    The other solution would be trying to set up the Access-Control-Allow-Origin headers in Amazon S3/Google Cloud Storage (if possible) or proxying the file URLs in the S3 storage to use the same domain which the site runs on.

Production build 0.71.5 2024