From 50137ca741684f66755f730661d45fe68cd7b84a Mon Sep 17 00:00:00 2001 From: Alexzjt <1543042497@qq.com> Date: Tue, 9 Jun 2026 19:30:59 +0800 Subject: [PATCH 1/2] =?UTF-8?q?fix:=20crossOrigin=20=E5=BF=85=E9=A1=BB?= =?UTF-8?q?=E5=9C=A8=20src=20=E8=B5=8B=E5=80=BC=E4=B9=8B=E5=89=8D=E8=AE=BE?= =?UTF-8?q?=E7=BD=AE?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/s2-core/src/utils/cell/customRenderer.ts | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/packages/s2-core/src/utils/cell/customRenderer.ts b/packages/s2-core/src/utils/cell/customRenderer.ts index 9ad7e97caa..87d918fcb4 100644 --- a/packages/s2-core/src/utils/cell/customRenderer.ts +++ b/packages/s2-core/src/utils/cell/customRenderer.ts @@ -82,8 +82,12 @@ export function asyncDrawImage(options: { const img = new Image(); + // crossOrigin 必须在 src 之前设置,否则浏览器会忽略该属性 + if (crossOrigin) { + img.crossOrigin = crossOrigin; + } + img.src = src; - img.crossOrigin = crossOrigin; // 设置超时 const timeoutId = setTimeout(onerror, timeout); From fc404a4b97cf00e2af4b6c4fe8fb770052fe86bc Mon Sep 17 00:00:00 2001 From: Alexzjt <1543042497@qq.com> Date: Tue, 9 Jun 2026 19:50:37 +0800 Subject: [PATCH 2/2] =?UTF-8?q?fix:=20=E5=9B=BE=E7=89=87=E9=99=8D=E7=BA=A7?= =?UTF-8?q?=E9=87=8D=E8=AF=95?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- packages/s2-core/src/utils/cell/customRenderer.ts | 13 +++++++++++-- 1 file changed, 11 insertions(+), 2 deletions(-) diff --git a/packages/s2-core/src/utils/cell/customRenderer.ts b/packages/s2-core/src/utils/cell/customRenderer.ts index 87d918fcb4..33c0304b17 100644 --- a/packages/s2-core/src/utils/cell/customRenderer.ts +++ b/packages/s2-core/src/utils/cell/customRenderer.ts @@ -8,6 +8,7 @@ export function asyncDrawImage(options: { timeout?: number; mediaCache?: flruCache; crossOrigin?: string | null; + referrerPolicy?: ReferrerPolicy | null; cacheKeyPrefix?: string; }): Promise { const { @@ -16,6 +17,7 @@ export function asyncDrawImage(options: { timeout = 10000, mediaCache, crossOrigin = 'Anonymous', + referrerPolicy, cacheKeyPrefix, } = options; @@ -65,12 +67,15 @@ export function asyncDrawImage(options: { }; const onerror = () => { if (crossOrigin) { - // 第二次加载不再使用跨域请求,但会因浏览器安全策略导致Canvas的toDataUrl失败(不推荐) + // 第二次加载:去掉 crossOrigin 并设置 referrerPolicy='no-referrer' + // 这样请求不携带 Origin 和 Referer,可绕过部分防盗链 CDN(如小红书) + // 代价:图片以 tainted 模式加载,canvas toDataURL 不可用 asyncDrawImage({ src, timeout, mediaCache, crossOrigin: null, + referrerPolicy: 'no-referrer', cacheKeyPrefix, }) .then(cacheResolve) @@ -82,11 +87,15 @@ export function asyncDrawImage(options: { const img = new Image(); - // crossOrigin 必须在 src 之前设置,否则浏览器会忽略该属性 + // crossOrigin 和 referrerPolicy 必须在 src 之前设置,否则浏览器会忽略 if (crossOrigin) { img.crossOrigin = crossOrigin; } + if (referrerPolicy) { + img.referrerPolicy = referrerPolicy; + } + img.src = src; // 设置超时