Security Error with canvas.toDataURL() and drawImage()

Answer 1

You are right, this is a security feature, not a bug.

If reading the Image (for instance with toDataURL or getImageData) would work, you could also read https://mail.google.com/mail/ from the context of your visitor get his emails or whatever.

Therefore, canvas elements have a origin-clean flag, which is set when external images are written to the canvas. In that case, you can no longer read from it.

You can read more about this topic here.