All geek questions in one place

Some JS script downloads in Chrome, but not in Firefox

I am having some strange problems with some external scripts on my site. I finally got to this fragment.

<script type="text/javascript" src="//www.googleadservices.com/pagead/conversion.js" onload="console.log('conversion')"></script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" onload="console.log('jquery')"></script>

Downloading this in firefox has only a second script download, and with chrome, it also downloads. This is on OSX with the latest browsers.

Now, if I add the crossorigin attribute for both scenarios, it stops working in chrome with this errorScript from origin 'http://www.googleadservices.com' has been blocked from loading by Cross-Origin Resource Sharing policy: No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'http://www.example.com:3000' is therefore not allowed access.

Scripts now

<script type="text/javascript" src="//www.googleadservices.com/pagead/conversion.js" onload="console.log('12123')" crossorigin async></script>
<script type="text/javascript" src="//ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" onload="console.log('123')" async crossorigin></script>

I was struck by this difference in behavior. Is it because firefox is more restrictive than Chrome? Is this the setting I set somewhere? Or is it a bug on the side of Firefox / Chrome?

Also, should I talk to the seller to get their js setup for CORS? I was struck that Google is not working, but I have another resource.

MDN , script .

+4
3

Cross-Origin , Site A , Site B, . Site A B , Access-Control-Allow-Origin. , Site B .

Site B Access-Control-Allow-Origin , . URL- :

Access-Control-Allow-Origin: http://yoursite.com

crossorigin script, window.onerror -. MDN:

script window.onerror , CORS. , , crossorigin , crossgigin img. WHATWG .

+4

script, HTTP-. , , .

crossorigin script , CORS . . : https://developer.mozilla.org/en-US/docs/Web/HTML/Element/script#attr-crossorigin

, , , ​​ WebKit CORS. , , , . . WebKit 107389

, googleadservices CORS, Chrome . , Firefox, Chrome, , , .

curl -i " https://www.googleadservices.com/pagead/conversion.js"

HTTP/1.1 200 OK
P3P: policyref="https://www.googleadservices.com/pagead/p3p.xml", CP="NOI DEV PSA PSD IVA IVD OTP OUR OTR IND OTC"
Content-Type: text/javascript; charset=ISO-8859-1
Date: Mon, 22 Feb 2016 05:10:29 GMT
Expires: Mon, 22 Feb 2016 05:10:29 GMT
Cache-Control: private, max-age=86400
X-Content-Type-Options: nosniff
Content-Disposition: attachment; filename="f.txt"
Server: cafe
X-XSS-Protection: 1; mode=block
Alternate-Protocol: 443:quic,p=1
Alt-Svc: quic=":443"; ma=2592000; v="30,29,28,27,26,25"
Accept-Ranges: none
Vary: Accept-Encoding
Transfer-Encoding: chunked

curl -i https://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js

HTTP/1.1 200 OK
Vary: Accept-Encoding
Content-Type: text/javascript; charset=UTF-8
Access-Control-Allow-Origin: *
Timing-Allow-Origin: *
Date: Tue, 16 Feb 2016 17:29:02 GMT
Expires: Wed, 15 Feb 2017 17:29:02 GMT
Last-Modified: Fri, 16 Oct 2015 18:27:31 GMT
X-Content-Type-Options: nosniff
Server: sffe
X-XSS-Protection: 1; mode=block
Cache-Control: public, max-age=31536000, stale-while-revalidate=2592000
Age: 475251
Alternate-Protocol: 443:quic,p=1
Alt-Svc: quic=":443"; ma=2592000; v="30,29,28,27,26,25"
Accept-Ranges: none
Transfer-Encoding: chunked
+1

Try adding "http:" in the src attribute of the script tag.

<script type="text/javascript" src="http://www.googleadservices.com/pagead/conversion.js" onload="console.log('conversion')"></script>
<script type="text/javascript" src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.1/jquery.min.js" onload="console.log('jquery')">
-2
source

Source: https://habr.com/ru/post/1628460/

More articles:


All Articles