Using the LifterLMS PDFs Image Proxy Server


# Top

LifterLMS PDFs includes an image proxy server utilized by the included client-side PDF generation utilities.

This advanced setting is necessary for exporting certificates as PDFs if you are including images hosted on a different domain that the website where the LifterLMS PDFs add-on is installed.

If your website uses a CDN you more likely need to configure the image proxy to ensure these images are included in your certificate PDF exports.

Identifying the need to use an Image Proxy

# Top

If you’re not sure whether or not your site requires the Image Proxy to be enabled you can follow these steps:

  1. Ensure that certificate exports are enabled and the image proxy is disabled in your LifterLMS PDFs settings
  2. Visit a certificate template or earned certificate on the frontend of your website
  3. Click the Save button to download a PDF of the certificate

If you are able to successfully download the certificate your site doesn’t require an image proxy. If, however, you encounter the following error message:

An error was encountered during PDF generation. [SecurityError] Failed to execute ‘toDataUrl’ on ‘HTMLCanvasElement’: Tainted canvases may not be exported.

certificate image proxy error

Then you will need to enable the image proxy.

Configuring the Image Proxy Server

# Top

To configure the image proxy server, head to the LifterLMS PDFs settings and locate the Image Proxy section.

Check the box that says Enable Image Proxy.

You should also configure the list of Allowed Origins. This is a list of full or partial domain names (origins) which you wish to explicitly allow to utilize the Image Proxy server. When configuring your list, enter one full or partial domains per line.

If you wish to allow any origin to use the Image Proxy, simply enter “*” (a wildcard) as the only entry in the list. Note that using this configuring could introduce a security and/or performance risk to your site so we recommend to only use a wildcard if you’re unable to adequately generate a complete allow list.

When entering domains we recommend using a fully-qualified domain name for each origin, for example, if you wished to allow images from, you should enter This isn’t required though and there may be circumstances in which you wish to enter only If you wish to allow images regardless of protocol, you could enter :// which would allow images from either or

After enabling the proxy and Allowed Origins list, save your settings and try to export your certificate again. If you configured it correctly the error you previously experienced will go away and your certificate will be exported successfully.

Identifying origins used on your website

# Top

If you’re not sure what origins are being used on your website you can follow these steps to help generate a list:

  1. Visit a certificate on the frontend of your website.
  2. Open the browser’s developer tools (Using Chrome, Using Edge, Using Firefox)
  3. Click on the Network Tab and then filter requests by Img
  4. Reload the page
  5. View the resulting list of images by clicking on each one

Any image from a domain name other than your website’s domain is a domain you likely need to add to your allow list.


If you’re logged in as a user role that can see the WordPress Admin bar there is probably an avatar image being loaded from This image is more than likely not being included in your certificate and can be excluded from your allowed origins list.
Last Updated on
Was this article helpful?