Canvas tainted by cross-origin data

后端 未结 4 1686
南笙
南笙 2020-11-27 19:05

I\'m loading a motion jpeg from third-party site, which I can trust. I\'m trying to getImageData() but the browser (Chrome 23.0) complains that:



        
相关标签:
4条回答
  • 2020-11-27 19:31

    Also worth noting that the CORS will apply if you are working locally regardless of if the resource is in the same directory as the index.html file you are working with. For me this mean the CORS problems disappeared when I uploaded it to my server, since that has a domain.

    0 讨论(0)
  • 2020-11-27 19:33

    You cannot reset the crossOrigin flag once it is tainted, but if you know before hand what the image is you can convert it to a data url, see Drawing an image from a data URL to a canvas

    But no, you cannot and should not be using getImageData() from external sources that don't support CORS

    0 讨论(0)
  • 2020-11-27 19:44

    While the question is very old the problem remains and there is little on the web to solve it. I came up with a solution I want to share:

    You can use the image (or video) without the crossorigin attribute set first and test if you can get a HEAD request thru to the same resource via AJAX. If that fails, you cannot use the resource. if it succeeds you can add the attribute and re-set the source of the image/video with a timestamp attached which reloads it.

    This workaround allows you to show your resource to the user and simply hide some functions if CORS is not supported.

    HTML:

    <img id="testImage" src="path/to/image.png?_t=1234">
    

    JavaScript:

    var target = $("#testImage")[0];
        currentSrcUrl = target.src.split("_t=").join("_t=1"); // add a leading 1 to the ts
    $.ajax({
        url: currentSrcUrl,
        type:'HEAD',
        withCredentials: true
    })
    .done(function() {
        // things worked out, we can add the CORS attribute and reset the source
        target.crossOrigin = "anonymous";
        target.src = currentSrcUrl;
        console.warn("Download enabled - CORS Headers present or not required");
        /* show make-image-out-of-canvas-functions here */
    })
    .fail(function() {
        console.warn("Download disabled - CORS Headers missing");
        /* ... or hide make-image-out-of-canvas-functions here */
    });
    

    Tested and working in IE10+11 and current Chrome 31, FF25, Safari 6 (Desktop). In IE10 and FF you might encounter a problem if and only if you try to access http-files from a https-script. I don't know about a workaround for that yet.

    UPDATE Jan 2014:

    The required CORS headers for this should be as follows (Apache config syntax):

    Header set Access-Control-Allow-Origin "*"
    Header set Access-Control-Allow-Headers "referer, range, accept-encoding, x-requested-with"
    

    the x-header is required for the ajax request only. It's not used by all but by most browsers as far as I can tell

    0 讨论(0)
  • 2020-11-27 19:52

    You can use base64 of the image on canvas, While converting into base64 you can use a proxy URL (https://cors-anywhere.herokuapp.com/) before your image path to avoid cross-origin issue

    check full details here

    https://stackoverflow.com/a/44199382/5172571

    var getDataUri = function (targetUrl, callback) {
        var xhr = new XMLHttpRequest();
        xhr.onload = function () {
            var reader = new FileReader();
            reader.onloadend = function () {
                callback(reader.result);
            };
            reader.readAsDataURL(xhr.response);
        };
        var proxyUrl = 'https://cors-anywhere.herokuapp.com/';
        xhr.open('GET', proxyUrl + targetUrl);
        xhr.responseType = 'blob';
        xhr.send();
    };
    getDataUri(path, function (base64) {
        // base64 availlable here
    })
    
    0 讨论(0)
提交回复
热议问题