Overview When a video element with crossorigin="use-credentials" receives a 302 redirect, and then is inserted into a canvas with drawImage, the canvas becomes tainted. There is no CORS error when loading the video in the first place, but the canvas is still tainted. This isn't an issue in Chrome or Firefox Steps to Reproduce 1. Load a video from a cross origin server that redirects to another cross origin server 2. draw the image on a canvas element 3. get the image data from the canvas You can view this page here to see the issue: https://pi-web-br-safari-bug.herokuapp.com/safari-bug This page works in Chrome and Firefox, but not Safari. Actual Results operation fails because of a tainted canvas no CORS issue is logged in developer tools Expected Results operation should succeed since CORS was handled correctly Build Date & Hardware Version 15.5 (17613.2.7.1.8) on macOS 12.4 (21F79)
<rdar://problem/95863919>