In general, this problem is due to CORS (cross-origin resource sharing) requirements not being fulfilled.
To avoid this you can either:
- Serve the image being cropped from the same origin as the page
- Request cross-origin use by supplying
crossOrigin
property to the image - Use a proxy to serve the image from the external site through your server (in which case much of the point is lost doing everything locally).
In addition:
- When testing, don't use the local
file://
protocol but a light local server (ie. Mongoose)
If not you will get an security error every time you use toDataURL
(or getImageData
).
About requesting CORS usage from external servers: you can only request such use but it's up to the server to grant the permission or not.
To request either:
<img src="..." crossOrigin="anonymous" >
or from JavaScript:
var img = new Image;
img.onload = handleOnLoad;
img.crossOrigin = 'anonymous';
img.src = '...';
If denied the image won't load at all.