I am using FabricJS' loadFromJSON method to load a bunch of objects (text and images) to a canvas.

The images are coming from Google Cloud Storage. The bucket they are stored in has the correct CORS settings, for allow all for "Access-Control-Allow-Origin".

The images will load in OK, but when trying to save a thumbnail, using the toDataURL() method, I get:

Uncaught SecurityError: Failed to execute 'toDataURL' on 'HTMLCanvasElement': Tainted canvases may not be exported.

I'm unsure why, because the images CORS settings are correct.

I know some people suggest creating a new image and setting the attribute that way, but that doesn't fit in with using the very quick and easy loadFromJSON method.

Any ideas on why the CORS settings are being ignored and anyway around this issue?