[Vega] Allow image loading without CORS policy by changing the defaul…

…t to crossOrigin=null (#91991) (#92956) * changing the default to crossOrigin=null in Vega * Fix eslint Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com> Co-authored-by: Kibana Machine <42973632+kibanamachine@users.noreply.github.com>
elastic · Mar 1, 2021 · ce18758 · ce18758
1 parent 0772e20
commit ce18758
Showing 1 changed file with 6 additions and 2 deletions.
diff --git a/src/plugins/vis_type_vega/public/vega_view/vega_base_view.js b/src/plugins/vis_type_vega/public/vega_view/vega_base_view.js
@@ -172,7 +172,7 @@ export class VegaBaseView {
     // Override URL sanitizer to prevent external data loading (if disabled)
     const vegaLoader = loader();
     const originalSanitize = vegaLoader.sanitize.bind(vegaLoader);
-    vegaLoader.sanitize = (uri, options) => {
+    vegaLoader.sanitize = async (uri, options) => {
       if (uri.bypassToken === bypassToken) {
         // If uri has a bypass token, the uri was encoded by bypassExternalUrlCheck() above.
         // because user can only supply pure JSON data structure.
@@ -189,7 +189,11 @@ export class VegaBaseView {
           })
         );
       }
-      return originalSanitize(uri, options);
+      const result = await originalSanitize(uri, options);
+      // This will allow Vega users to load images from any domain.
+      result.crossOrigin = null;
+
+      return result;
     };
     config.loader = vegaLoader;