NotSameOriginAfterDefaultedToSameOriginByCoep on rs.fullstory.com/rec/integrations?OrgId=xxx - Githubissues

fullstorydev / fullstory-browser-sdk

Official FullStory SDK for JavaScript, for web browsers

MIT License

55 stars 17 forks source link

NotSameOriginAfterDefaultedToSameOriginByCoep on rs.fullstory.com/rec/integrations?OrgId=xxx #107

Open pcorless opened 2 years ago

pcorless commented 2 years ago

I work on an app that takes advantage of CORS policies/headers and fullstory works as expected. However we've recently noticed an error in our browser logs when loading https://edge.fullstory.com/s/fs.js.

fs.js:3 GET https://rs.fullstory.com/rec/integrations?OrgId=xxxx net::ERR_BLOCKED_BY_RESPONSE.NotSameOriginAfterDefaultedToSameOriginByCoep 200 t.injectIntegrationScript	@	fs.js:3
	t.handleIntegrationScript	@	fs.js:3
	(anonymous)	@	fs.js:3
	(anonymous)	@	fs.js:3
	(anonymous)	@	fs.js:3
	(anonymous)	@	fs.js:3
	h	@	fs.js:3
	(anonymous)	@	fs.js:3
	(anonymous)	@	fs.js:3
	u.onreadystatechange	@	fs.js:3
	XMLHttpRequest.send (async)
	(anonymous)	@	VM6:1
	co	@	fs.js:3
	e.post	@	fs.js:3
	e.page	@	fs.js:3
	t.start	@	fs.js:3
	o	@	fs.js:3
	o.deferredStart	@	fs.js:3
	e.restart	@	fs.js:3
	(anonymous)	@	fs.js:3

The happens when we call restart() on full story. My hunch is that fs.js isn't including the "r.crossOrigin = 'anonymous';" when building out the script to download the url above. Any thoughts?