From 41e97db5d02b557c6cb06fed66da47fb9e1a1526 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=2EC=2EK=C3=B6del?= <julio@kodel.com.br>
Date: Sat, 21 Sep 2019 20:02:22 -0300
Subject: [PATCH] Fix Color Thief cross origin bug

When users have external avatar urls (for instance: in a SSO environment where the avatar is provided by another domain), color thief fails to get the avatar dominant color because the canvas would be tainted.

Following the instructions here (https://lokeshdhakar.com/projects/color-thief/ on the "Does it work if the image is hosted on another domain?"), adding an `image.crossOrigin = 'Anonymous';` solves the issue.

Tested on my forum which before suffered from a JS error and works fine (without this fix, the canvas remain in the `body` while an script error is thrown by color thief)
---
 framework/core/js/src/common/models/User.js | 1 +
 1 file changed, 1 insertion(+)

diff --git a/framework/core/js/src/common/models/User.js b/framework/core/js/src/common/models/User.js
index d9754606f..177ac71ef 100644
--- a/framework/core/js/src/common/models/User.js
+++ b/framework/core/js/src/common/models/User.js
@@ -91,6 +91,7 @@ Object.assign(User.prototype, {
       user.freshness = new Date();
       m.redraw();
     };
+    image.crossOrigin = 'Anonymous';
     image.src = this.avatarUrl();
   },