This is working in Chrome, but not in firefox. The Access-Control-Allow-Origin is set to *, and images are loaded with a crossOrigin set to anonymous, however when drawing the images onto a canvas in firefox they taint the canvas. The code to load the image is as follows:

var image = new Image();
image.onload = loadCallback;
image.crossOrigin = "anonymous";
image.src = imageSrc;

A few questions:

1. Is there something I am missing that is specific to Firefox? Does it require more headers than Access-Control-Allow-Origin?
2. Is there any way to determine from a loaded image that it is tainted (would be useful for debugging).
3. The domain name for the servers are the same, they are just different subdomains (i.e. images.example.com and mysite.example.com), is there any way to use this to my advantage or should I really have a proxy in place to do a passthru and just forget about dealing with the CORS issues?

Support for not tainting the canvas when CORS-enabled images are painted to it was added in Firefox 9. See https://bugzilla.mozilla.org/show_bug.cgi?id=685518

So if you're testing with Firefox 8, it won't work. Try a Firefox 9 beta?