How to fix getImageData() error The canvas has been tainted by cross-origin data?

As others have said you are "tainting" the canvas by loading from a cross origins domain.

https://developer.mozilla.org/en-US/docs/HTML/CORS_Enabled_Image

However, you may be able to prevent this by simply setting:

img.crossOrigin = "Anonymous";

This only works if the remote server sets the following header appropriately:

Access-Control-Allow-Origin "*"

The Dropbox file chooser when using the "direct link" option is a great example of this. I use it on oddprints.com to hoover up images from the remote dropbox image url, into my canvas, and then submit the image data back into my server. All in javascript

I found that I had to use .setAttribute('crossOrigin', '') and had to append a timestamp to the URL's query string to avoid a 304 response lacking the Access-Control-Allow-Origin header.

This gives me

var url = 'http://lorempixel.com/g/400/200/';var imgObj = new Image();imgObj.src = url + '?' + new Date().getTime();imgObj.setAttribute('crossOrigin', '');

You won't be able to draw images directly from another server into a canvas and then use getImageData. It's a security issue and the canvas will be considered "tainted".

Would it work for you to save a copy of the image to your server using PHP and then just load the new image? For example, you could send the URL to the PHP script and save it to your server, then return the new filename to your javascript like this:

<?php //The name of this file in this example is imgdata.php  $url=$_GET['url'];  // prevent hackers from uploading PHP scripts and pwning your system  if(!@is_array(getimagesize($url))){    echo "path/to/placeholderImage.png";    exit("wrong file type.");  }  $img = file_get_contents($url);  $fn = substr(strrchr($url, "/"), 1);  file_put_contents($fn,$img);  echo $fn;?>

You'd use the PHP script with some ajax javascript like this:

xi=new XMLHttpRequest();xi.open("GET","imgdata.php?url="+yourImageURL,true);xi.send();xi.onreadystatechange=function() {  if(xi.readyState==4 && xi.status==200) {    img=new Image;    img.onload=function(){       ctx.drawImage(img, 0, 0, canvas.width, canvas.height);    }    img.src=xi.responseText;  }}

If you use getImageData on the canvas after that, it will work fine.

Alternatively, if you don't want to save the whole image, you could pass x & y coordinates to your PHP script and calculate the pixel's rgba value on that side. I think there are good libraries for doing that kind of image processing in PHP.

If you want to use this approach, let me know if you need help implementing it.

edit-1: peeps pointed out that the php script is exposed and allows the internet to potentially use it maliciously. there are a million ways to handle this, one of the simplest being some sort of URL obfuscation... i reckon secure php practices deserves a separate google ;P

edit-2: by popular demand, I've added a check to ensure it is an image and not a php script (from: PHP check if file is an image).