I am getting crazy with this problem, and hope there is a solution or workaround. I have a canvas inside an iframe, in a different domain (for security reasons). This canvas shows a Processing.js animation/drawing. I need to allow the canvas to load image files that are located on the same domain.
index.html
with the iframe
is in domain.com
index.html
with the canvas
is in sub.domain.com
Now I know for sure that:
- The canvas can load/visualize a remote image but cannot access a remote image data (pixels).
- The canvas can fully access an image file on the same domain, unless it is played in an iframe (!?).
- Setting Access-Control-Allow-Origin header simply allows to access files on other domains.
- The canvas does not support/consider Access-Control-Allow-Origin headers at all.
Is there a way to bypass all these security limits and simply get a canvas played in an iframe to load an image file?