Unfortunately, IE10 still remains the only popular browser that doesn't support CORS for image drawn to Canvas even when CORS headers are properly set. But there is workaround for that via XMLHttpRequest:

不幸的是，即使正确设置了 CORS 标头，IE10 仍然是唯一不支持将 CORS 用于绘制到 Canvas 的图像的流行浏览器。但是可以通过 XMLHttpRequest 解决这个问题：

var xhr = new XMLHttpRequest();
xhr.onload = function () {
    var url = URL.createObjectURL(this.response), img = new Image();
    img.onload = function () {
        // here you can use img for drawing to canvas and handling
        // ...
        // don't forget to free memory up when you're done (you can do this as soon as image is drawn to canvas)
        URL.revokeObjectURL(url);
    };
    img.src = url;
};
xhr.open('GET', url, true);
xhr.responseType = 'blob';
xhr.send();

Confirmed: IE10 does not support CORS images in an HTML 5 canvas.See RReverser's answerfor a workaround.

已确认：IE10 不支持 HTML 5 画布中的 CORS 图像。有关解决方法，请参阅 RReverser 的回答。

Edit

编辑

Sorry, I haven't dealt with CORS images before and thought this question was about an AJAX request.

抱歉，我之前没有处理过 CORS 图像，并认为这个问题是关于 AJAX 请求的。

According to Mozilla Developer Networkyou need to set image.crossOriginto anonymousor use-credentials. Also, according to that page today, these attributes are not supported in IE, Safari, or Opera. This testwas made to demonstrate that IE9 did not support it and it seems that same test still fails in IE10, so even if Safari and Opera have added support since the MDN article was written, it is quite possible that IE10 still lacks support.

根据Mozilla Developer Network，您需要设置image.crossOrigin为anonymous或use-credentials。此外，根据今天的页面，IE、Safari 或 Opera 不支持这些属性。 做这个测试是为了证明IE9不支持，而且在IE10中似乎同样的测试仍然失败，所以即使自MDN文章发布以来Safari和Opera增加了支持，IE10也很可能仍然缺乏支持。

The only tip I can give you is that in general, allow-credentials is incompatiblewith a wildcard allow-origin. Either drop the allow-credentials or echo the request Origin in the allow-origin.

我可以给您的唯一提示是，通常，allow-credentials与通配符 allow-origin不兼容。删除allow-credentials 或在allow-origin 中回显请求Origin。

Below is for AJAX calls, not image or video canvas resources

下面是 AJAX 调用，而不是图像或视频画布资源

Early versions of IE10 were known to have AJAX bugs,

已知早期版本的 IE10 存在 AJAX 错误，

• http://bugs.idsl.pl/ie/xhr.htm
• http://connect.microsoft.com/IE/feedback/details/771552/i-e-10-and-the-post-method

• http://bugs.idsl.pl/ie/xhr.htm
• http://connect.microsoft.com/IE/feedback/details/771552/ie-10-and-the-post-method

so it could be another browser bug. Then again, CORS is deceptively tricky to get right. I recommend the following steps to debug CORS problems.

所以它可能是另一个浏览器错误。再说一次，CORS 很难做到正确。我推荐以下步骤来调试 CORS 问题。

1. Point the browser at http://test-cors.appspot.com/#technicalto get a compatibility report. If anything fails then you have a bug or lack of support for CORS in the browser.
2. If everything passes, use the CORS headers the test is sending as a starting point to get your CORS request working. Then change one header at a time and retest until you get the headers the way you want for your application or you run into a failure you cannot explain or work around.
3. If necessary, post a question about that one tiny change that breaks the CORS request, posting both the working "before" and the failing "after". It always helps if you can include a runnable example.

1. 将浏览器指向http://test-cors.appspot.com/#technical以获取兼容性报告。如果有任何失败，那么您的浏览器存在错误或缺乏对 CORS 的支持。
2. 如果一切顺利，请使用测试发送的 CORS 标头作为起点，让您的 CORS 请求工作。然后一次更改一个标头并重新测试，直到您按照应用程序所需的方式获得标头，或者遇到无法解释或解决的故障。
3. 如有必要，发布一个关于破坏 CORS 请求的微小更改的问题，发布工作“之前”和失败的“之后”。如果您可以包含一个可运行的示例，它总是有帮助的。

The complete code for the CORS test client and server (Python script for Google App Engine) is available at https://github.com/rapportive-oss/cors-testto get you started.

CORS 测试客户端和服务器的完整代码（适用于 Google App Engine 的 Python 脚本）可在https://github.com/rapportive-oss/cors-test上获取以帮助您入门。