0

I have one page on my site that uses SharedArrayBuffer, which means I need to use Cross-Origin-Opener-Policy - but this also means I can't use analytics to see if anyone actually uses that page or not.

So I wondered if there's a workaround for this?

I use Fathom Analytics for tracking, so have it analytics set to load from a sub-domain on my site.

I have set the Cross-Origin-Embedder-Policy to require-corp, and Cross-Origin-Opener-Policy to same-origin.

Is there a way to either iframe the analytics, or iframe the Cross-Origin-Opener-Policy app and have analytics on the parent? I've tried looking this stuff up but it's very much outside my realm of expertise. Thanks for any guidance you can offer.

BinaryMoon
  • 95
  • 10

1 Answers1

0

Do you use this way to use Fathom Analytics?

<script src="https://cdn.usefathom.com/script.js" data-site="ABCDEFG" defer></script>

If so, you may try add crossorigin attributes, it may work.

<script crossorigin="anonymous" src="https://cdn.usefathom.com/script.js" data-site="ABCDEFG" defer></script>

If you successfully setup SharedArrayBuffer, then you will suffer many CORS issues, this blog https://www.priestch.com/how-i-resolve-clarity-cors-error/ records my experience to make Microsoft Clarity working, hope it helps.

Priestch
  • 21
  • 1
  • 4
  • Thanks. I never got this to work before so went with a different approach. I will give this a go. – BinaryMoon May 16 '23 at 10:22
  • The `crossorigin` attribute enables CORS check it does not disable it. Check [what MDN says](https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin): *By default (that is, when the attribute is not specified), CORS is not used at all.* – Moritz Ringler May 19 '23 at 11:28
  • Let's imagine that you have successfully make the `SharedArrayBuffer` work. If the source of a script is hosted by a different origin, then it will fail definitely. By adding the crossorigin attribute specifically, you are saying, hey I know what l'm doing, just fetch that resource, If the origin sever were configured to allow your own origin, then it will succeed. – Priestch May 19 '23 at 11:50