Financial-Times / dotcom-page-kit

📰 Page Kit provides a high quality, well tested, and thoroughly documented set of tools for assembling and delivering FT.com based upon the best industry standards.
https://financial-times.github.io/dotcom-page-kit/

Polyfill is a cross-origin request #544

Closed sjparkinson closed 5 years ago

sjparkinson commented 5 years ago

Noticed this locally on epaper in my console in Firefox.

Request to access cookie or storage on “https://polyfill.io/v3/polyfill.min.js?features=default%2Ces…ntersectionObserver%2CNodeList.prototype.forEach&source=next” was blocked because we are blocking all third-party storage access requests and content blocking is enabled.

https://developer.mozilla.org/en-US/docs/Mozilla/Firefox/Privacy/Storage_access_policy/Errors/CookieBlockedForeign

Do we need to add the crossorigin="anonymous" attribute to resources we're loading from third-party domains?

sjparkinson commented 5 years ago

I have like all the tracking protection turned on, so this may be related to that.

i-like-robots commented 5 years ago

I can't recreate this locally or live using FF68 or FF69, do you have any additional privacy settings or plugins enabled?

sjparkinson commented 5 years ago

Yes, so it's uBlock Origin, but more likely it's the custom tracking protection:

image

i-like-robots commented 5 years ago

I also use uBlock Origin but have the privacy settings set to "standard" so I suppose that does figure!

In answer to your question... I don't know.

If we do need to add support for this then we'd need to do some refactoring. I don't know what the implications would be for enabling this for all cross-origin URLs but it feels safer to perhaps implement a whitelist. I'd rather avoid making the URLs individually configurable if possible.

EDIT: and I disable uBlock for FT.com
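
The allowlist approach raised in the comment above, sketched as an added example (not code from dotcom-page-kit or from either commenter): `crossorigin="anonymous"` is emitted only for HTTPS hosts on an explicit list, because a cross-origin script requested in CORS mode fails to load unless the host answers with `Access-Control-Allow-Origin`. The function names, the allowlist contents, the page origin and the sample URLs are assumptions.

```javascript
// Added example: hypothetical names, not dotcom-page-kit's API.
// Hosts assumed to answer with Access-Control-Allow-Origin (constructed list).
const CORS_ALLOWLIST = new Set(['polyfill.io']);

// Escape a value for use inside a double-quoted HTML attribute.
function escapeAttr(value) {
  return String(value)
    .replace(/&/g, '&amp;')
    .replace(/"/g, '&quot;')
    .replace(/</g, '&lt;')
    .replace(/>/g, '&gt;');
}

// Decide whether a script URL should carry crossorigin="anonymous".
// Same-origin and relative URLs never do. Cross-origin URLs do only when
// they are HTTPS and their exact hostname is on the allowlist, so a
// look-alike such as "polyfill.io.other.example" does not match.
function needsAnonymousCors(src, pageOrigin, allowlist = CORS_ALLOWLIST) {
  let url;
  let origin;
  try {
    origin = new URL(pageOrigin).origin; // normalise trailing slash, case
    url = new URL(src, origin);          // resolves relative and //host URLs
  } catch (err) {
    return false; // unparseable input: leave the tag untouched
  }
  if (url.origin === origin) return false;
  return url.protocol === 'https:' && allowlist.has(url.hostname);
}

// Render the <script> tag, adding the attribute only for allowlisted hosts.
function renderScriptTag(src, pageOrigin, allowlist = CORS_ALLOWLIST) {
  const cors = needsAnonymousCors(src, pageOrigin, allowlist)
    ? ' crossorigin="anonymous"'
    : '';
  return `<script src="${escapeAttr(src)}"${cors}></script>`;
}

// Constructed sample input (not the truncated URL from the console message).
const SAMPLE_TAG = renderScriptTag(
  'https://polyfill.io/v3/polyfill.min.js?features=default&source=next',
  'https://www.ft.com'
);
```

With `crossorigin="anonymous"` the browser requests the script without cookies or other credentials for that origin.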

sjparkinson commented 5 years ago

In HTML5, some HTML elements which provide support for CORS, such as ,
