Javascript CORS图像/画布操作
[英]Javascript CORS image / canvas manipulation
问题描述
I am trying to retrieve an image from another domain which I have configured to allow CORS and manipulate pixels and then I want to display the result and be able to manipulate the result. 
我正在尝试从另一个域检索图像,该域已配置为允许CORS和操纵像素,然后我想显示结果并能够操纵结果。 I am able to use both getImageData and toDataURL on the image that I have requested so I know that the server part works. 我可以在请求的图像上使用getImageData和toDataURL,因此我知道服务器部分可以正常工作。 However when i try to change the src attribute of the image to the dataURL from the canvas I get the security error "Cross-origin image load denied by Cross-Origin Resource Sharing policy.". 但是,当我尝试将图像的src属性从画布更改为dataURL时,出现安全错误“跨域资源共享策略拒绝跨域图像加载”。
function manipulateImage(img, func) {
var canvas = document.createElement('canvas');
canvas.width = img.width;
canvas.height = img.height;
c = canvas.getContext('2d');
c.drawImage(img, 0, 0);
width = canvas.width;
height = canvas.height;
imageData = c.getImageData(0, 0, width, height);
y = 0;
while (y < height) {
x = 0;
while (x < width) {
var pixel = getPixel(imageData, x, y);
func(pixel);
setPixel(imageData, x, y, pixel);
x++;
}
y++;
}
c.putImageData(imageData, 0, 0);
console.log('done');
img.src = canvas.toDataURL();
}
$(function() {
img = new Image();
img.crossOrigin = '';
img.onload = function() {
document.body.appendChild(img);
}
img.src = 'https://choros-cognition-test.s3.amazonaws.com/geotiffs/X8pEm_cl3_sm16_ra15_style_warp.png'
$('#increase-button').on('click', function() {
manipulateImage(img, function(pixel) {
pixel[2] += 30;
});
});
});
The strange part is that if I reset the crossOrigin attribute of the image to null in the manipulateImage function then it works. 奇怪的是,如果我在操纵图像函数中将图像的crossOrigin属性重置为null,则它将起作用。 Why is this? 为什么是这样?
function manipulateImage(img, func) {
img.crossOrigin = null;
....
1 个解决方案
解决方案1
0 2014-02-11 13:01:39
Well I looked up the docs on the crossorigin atribute . 好吧,我查阅了crossorigin属性上的文档 。
Here's the relevant information: 以下是相关信息:
crossorigin HTML5 跨域HTML5
This enumerated attribute indicates if the fetching of the related image must be done using CORS or not. 此枚举属性指示是否必须使用CORS完成相关图像的获取。 CORS-enabled images can be reused in the element without being tainted. 启用CORS的图像可以在元素中重复使用而不会受到污染。 The allowed values are: 允许的值为:
anonymous 匿名
A cross-origin request (ie with Origin: HTTP header) is performed. 执行跨域请求(即,使用Origin:HTTP标头)。 But no credential is sent (ie no cookie, no X.509 certificate and no HTTP Basic authentication is sent). 但是没有凭据发送(即没有cookie,没有X.509证书和HTTP基本身份验证被发送)。 If the server does not give credentials to the origin site (by not setting the Access-Control-Allow-Origin: HTTP header), the image will be tainted and its usage restricted.. 如果服务器未将凭据提供给原始站点(未设置Access-Control-Allow-Origin:HTTP标头),则该图像将被污染并且其使用受到限制。
use-credentials 使用凭证
A cross-origin request (ie with Origin: HTTP header) is performed with credential is sent (ie a cookie, a certificate and HTTP Basic authentication is performed). 发送带有证书的跨域请求(即使用Origin:HTTP标头)(即执行cookie,证书和HTTP Basic身份验证)。 If the server does not give credentials to the origin site (through Access-Control-Allow-Credentials: HTTP header), the image will be tainted and its usage restricted. 如果服务器未将凭据提供给原始站点(通过Access-Control-Allow-Credentials:HTTP标头),则图像将被污染并且其使用受到限制。
When not present, the resource is fetched without a CORS request (ie without sending the Origin: HTTP header), preventing its non-tainted used in elements. 如果不存在,则无需CORS请求即可获取资源(即,无需发送Origin:HTTP标头),以防止在元素中使用未污染的资源。 If invalid, it is handled as if the enumerated keyword anonymous was used. 如果无效,则将其视为使用了枚举关键字匿名。
So my guess is that null is either the same as not being present or being invalid in which case it is handled like anonymous. 所以我的猜测是null要么等于不存在,要么无效,在这种情况下,它像匿名一样被处理。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.