3

i got two servers (prod.example.com and img.example.com)

so on "prod" i process images from "img" using canvas

in FF and Chrome all is Ok

but in Safari i got this SECURITY_ERR: DOM Exception 18: An attempt was made to break through the security policy of the user agent.

all images from "img" has Access-Control-Allow-Origin:* in headers

so where is padla?

fullpipe
  • 368
  • 4
  • 14

1 Answers1

2

getImageData which you probably call will raise this if you try to access the one host from the other. You cannot go around this, the only way around it would be to proxy from img.example.com to prod.example.com

ggozad
  • 13,105
  • 3
  • 40
  • 49
  • i thought that if "prod" and "img" is sub domains of example.com then `getImageData` is allowed – fullpipe Feb 15 '12 at 18:39
  • I don't think so. See http://www.whatwg.org/specs/web-apps/current-work/multipage/origin-0.html#same-origin , my understanding is that the hosts are different for subdomains. You could also try the document.domain at the end since you have control on both servers. – ggozad Feb 15 '12 at 19:51
  • as i understand `document.domain` works only for cross-domain scripting and not on `getImageData` so i`ll try to make a proxy, thanx – fullpipe Feb 15 '12 at 22:29
  • Btw, you can also proxy on your front-end (apache or nginx or whatever), if that makes it easier than proxying on your web server. – ggozad Feb 15 '12 at 23:05
  • 2
    i really do not understand why `Access-Control-Allow-Origin: *` is not working – fullpipe Feb 15 '12 at 23:11