Open szepeviktor opened 10 years ago
unscriptable
commented
10 years ago Do you have a link to an article or specification that show how crossorigin="anonymous" can be used on script elements? I can only find information about using it on video and img elements. Thanks!
szepeviktor
commented
10 years ago unscriptable
commented
10 years ago Thanks for the link, @szepeviktor. From reading this article (and another from @briancavalier), it seems like we can only add this attribute when we know that the site serving the script has set Access-Control-Allow-Origin: *. Otherwise, the script does not evaluate.
Some background: scripts have never given any good error reporting, whether or not you use window.onerror or script.onerror or whether the script is remote or not. It'll be nice to get good errors so curl.js can provide something other than "HTTP or Syntax error". :)
This feels like an opt-in feature that would be specified on each remote script. Something like this:
curl.config({
paths: {
jquery: { location: "//cdn.jquery.com/jquery-2.0.3.min", crossorigin: "anonymous" }
}
});Thoughts?
-- John
szepeviktor
commented
10 years ago It is very good. It would be even nicer to have a global config option also.
curl.config({
crossorigin: "anonymous",
paths: {
jquery: { location: "//cdn.jquery.com/jquery-2.0.3.min" }
}
});All config options can be specified "globally" (although a few don't make sense to be used globally). This one, crossorigin, just seems like it's too error-prone to use it globally. :)
szepeviktor
commented
10 years ago Do you plan to implement it?
unscriptable
commented
10 years ago We're considering it. We don't yet know if async scripts gain any useful error information in their onerror events. Fwiw, a global window.onerror seems like the wrong place to send error info when there could be several, parallel scripts loading at once. I'm hoping that each script's onerror handler gets the info passed to it, as well.
Is this something you could test for us?
Also: it'd be very exciting if this feature prompted the IE team to start firing the script's onerror event, too. (Currently, IE never fires this event handler, which limits the features of script loaders as you can imagine!)
/me crosses fingers for an IE12 that doesn't suck. :)
szepeviktor
commented
10 years ago I plan to report errors to Google Analytics on a small site. I think there are no errors now. But it is good to track whether there are any.
Do you think a script loaded from CDN tells you more than "Script error on line 0" on error?
szepeviktor
commented
10 years ago script.onerror does not fire:
window.onerror = function (msg, url, line) {
console.log(msg)
console.log(url + ':' + line)
window.alert("win.onerror fires");
}
var head = document.getElementsByTagName('head').item(0);
var script = document.createElement('script');
script.src = '/f.js' // this contains: idontexist();
script.onload = function() {
window.alert('this works');
}
script.onerror = function() {
window.alert("onerror doesn't fire");
}
head.appendChild(script);
console.log('end.');Do you plan to support crossorigin="anonymous" in the next release?
I've just read that
window.onerroris not triggered if you use a CDN. Please consider addingcrossorigin="anonymous"to on-the-fly created script tags.