Why does Safari throw CORS error when setting base64 data on a crossOrigin = 'Anonymous' image?

Question

I\'m having an issue where setting an image src (image created with new Image) to a base64 encoded image fails by throwing: Cross-origin image load denied

Answer 1

MDN states that "You must have a server hosting images with the appropriate Access-Control-Allow-Origin header."

According to specs,
_{emphasize mine}

This, unfortunately, can be used to perform a rudimentary port scan of the user's local network [...] User agents may implement cross-origin access control policies that are stricter than those described above to mitigate this attack, but unfortunately such policies are typically not compatible with existing Web content."

You could simply workaround it by checking the url string, if it starts with data: then it probably won't be served with the cross origin header, then you can set the crossOrigin property back to null.