5

Background

  • A few years ago there was an issue with the onerror handler and cross origin script tags, more info on that.

  • Major browsers fixed the issue.

  • Knowing this was a problem with detecting client side errors from CDNed scripts, they somewhat relaxed these constraints (firefox, webkit)

Actual Question

I'm hosting a simple page on localhost and including a script from a different domain (e.g. "sitea"), here's what the HTML looks like:

<html>
<head>
<script>window.onerror = function(e, f, g) { console.log('err',e,f,g) }</script>
</head>
<body><h2>test</h2>
<script src='http://siteA:8081/one.js' crossorigin='anonymous'></script>
</body>
</html>

The script on siteA does this:

var foo; foo.bar;

Obviously that's going to throw since bar is undefined.

Unfortunately I'm still getiing the "Script Error" at line 0, like described in the tickets.

Note that I'm:

  • Setting the crossdomain attribute.

  • Seeing the "Origin" header on the request

  • Setting the Access-Control-Allow-Origin header to "*" and seeing it on the dev web tools.

I've tried it both in firefox and chrome, it doesn't work. Anyone has an idea why?

Pablo Fernandez
  • 103,170
  • 56
  • 192
  • 232
  • Chrome actually [doesn't support cross-origin error reporting yet](https://code.google.com/p/chromium/issues/detail?id=159566). Also, [more background on the issue here](http://stackoverflow.com/a/14165776/201952). – josh3736 Jun 19 '13 at 21:18
  • Pablo, this should work in Firefox.... I assume you're using a recent version, right? Support for this was added in Firefox 13. – Boris Zbarsky Jun 20 '13 at 02:28

1 Answers1

3

Works for me in Firefox 20 and Chrome supports cross-origin error reporting as of version 30.

You can see that indeed the browsers do send an Origin: header because the <script> tag has a crossorigin attribute, and the error is properly reported because the server responds with Access-Control-Allow-Origin: *.

josh3736
  • 139,160
  • 33
  • 216
  • 263