Why does the editor throw a CORS error when processing an image?
The most likely cause of CORS errors is an incorrectly configured CORS policy on a remote server. A resource is deemed remote when it has a different domain, subdomain, protocol, or port as the local server.
Some examples of cross-origin requests:
https://my-site.com -> https://your-site.com https://my-site.com -> https://sub.my-site.com https://my-site.com -> http://my-site.com https://my-site.com -> http://my-site.com:1234
We can determine if the CORS policy is configured incorrectly by looking at the network tab of our browser developer tools and inspecting the request. If the
Access-Control response headers are turned CORS is configured.
Below we can see the request information when loading a test image from the PQINA webserver:
Request Headers Url: https://pqina.nl/pintura/test/cors/test.jpeg Method: GET Response Headers Access-Control-Allow-Methods: GET Access-Control-Allow-Origin: * Content-Type: image/jpeg
A wildcard means that the file can be accessed from everywhere, it's best to set a specific origin.
If a specific origin is set (so no wildcard), we need to make sure the image is correctly cached as well. To do this we need to set the
Vary header to
Origin, see CORS and caching on MDN.
If for some reason the remote CORS policy can't be changed we can proxy the image request through the local server. In that situation we send the URL of the remote image to our local server, our local server then requests the remote image and returns the result to the front-end.
Additional information on setting a CORS policy:
HTML Canvas and CORS
Google Cloud and CORS
Amazon AWS S3 and CORS
An S3 bucket doesn't automatically send the
Vary: Origin header, the
Origin header needs to be present in the request for S3 to add it to