Based on some readings, I understood the following:
- Javascript files downloaded from the CDN will generate sanitized stack stacks in error.stack that simply contain "Script Error"
- Actual traces can be obtained if the BOTH script file includes crossorigin = "anonymous" and the CDN sends Access-Control-Allow-Origin: *
I have a number of questions about this, and I hope someone can answer:
- If I programmatically add a script to the DOM and first call script.crossorigin = "anonymous", does that mean "count"? Will this cause problems in older browsers?
- Any tips on getting Access-Control headers working with S3 => CloudFlare? It honestly seems impossible. Despite the configuration, S3 only sends headers if REQUEST includes Origin, which never occurs. And even if this happened, if the first request came from a browser that does not support CORS / Origin headers, the invalid version will be the one that will be cached.
- Is it true that I need these headers? It seems to me that I saw stack traces in Chrome with no headers. Was the restriction removed from Chrome because it was unrealistic? Or does this not apply to javascript files added programmatically? What browser versions really disinfect traces?
Dan d