IE10: CORS Headers not being honoured with canvas drawImage() and getImageData() - by Sosh101

Status : 

  Won't Fix<br /><br />
		Due to several factors the product team decided to focus its efforts on other items.<br /><br />
		A more detailed explanation for the resolution of this particular item may have been provided in the comments section.

ID 789809 Comments
Status Closed Workarounds
Type Bug Repros 2
Opened 6/10/2013 6:41:02 AM
Access Restriction Public


IE throws a security error when trying to read data from a canvas that has had a cross-origin image written to it.

Even with proper CORS headers set:

access-control-allow-origin: *
access-control-allow-credentials: true

And the setting in JS:
image.crossOrigin = "Anonymous";

Please see this JSFiddle for an example of the problem (works fine in all other modern browsers - fails in IE10):

Sign in to post a comment.
Posted by shane907 on 11/18/2014 at 3:06 PM
At least one very large U.S. government agency is still using IE10, so this bug continues to impede development. Is there a reason the bug fix wasn't backported to IE10? If not, is that a possibility?
Posted by Microsoft on 3/28/2014 at 9:57 AM
Thank you again for your feedback.

We’ve investigated this issue and it is fixed in the latest version of Internet Explorer (IE11), which is part of Windows 8.1 and available to download for Windows 7. IE11 is the best browsing experience on any device - fast, fluid, secure, and perfect for touch. We hope you’ll give it a try, and let us know what you think.

We continue to welcome more feedback, so please don't hesitate to report other ways that we can improve Internet Explorer.

Best regards,
The Internet Explorer Team
Posted by Microsoft on 7/3/2013 at 1:45 PM
Thank you for your feedback.

We were able to reproduce the issue and are investigating it.

Best regards,

The Internet Explorer Team