Kris Erickson
Reputation: 33834
Firefox Cross Domain images are tainted
This is working in Chrome, but not in firefox. The Access-Control-Allow-Origin is set to *, and images are loaded with a crossOrigin set to anonymous, however when drawing the images onto a canvas in firefox they taint the canvas. The code to load the image is as follows:
var image = new Image();
image.onload = loadCallback;
image.crossOrigin = "anonymous";
image.src = imageSrc;
A few questions:
- Is there something I am missing that is specific to Firefox? Does it require more headers than Access-Control-Allow-Origin?
- Is there any way to determine from a loaded image that it is tainted (would be useful for debugging).
- The domain name for the servers are the same, they are just different subdomains (i.e. images.example.com and mysite.example.com), is there any way to use this to my advantage or should I really have a proxy in place to do a passthru and just forget about dealing with the CORS issues?
Upvotes: 2
Views: 1113
Answers (1)
Boris Zbarsky
Reputation: 35064
Support for not tainting the canvas when CORS-enabled images are painted to it was added in Firefox 9. See https://bugzilla.mozilla.org/show_bug.cgi?id=685518
So if you're testing with Firefox 8, it won't work. Try a Firefox 9 beta?
Upvotes: 3
Related Questions
- Tainted HTML Canvas even with CORS headers
- The canvas has been tainted by cross-origin data local image
- Canvas tainted by cross-origin data
- canvas has been tainted by cross-origin data work around
- Any way to circumvent cross domain image issue in canvas?
- Canvas tainted with CORS images
- Canvas element not rendering to PNG (security error) when images are on the same domain
- Javascript: CORS enabled image
- Browser Canvas CORS Support for Cross Domain Loaded Image Manipulation
- Cross-origin image loading and manipulating