Skip to content

feat: Add support for crossorigin in differential loading #14743

New issue
New issue
Closed
#14844
Closed
feat: Add support for crossorigin in differential loading#14743
#14844
Assignees
alan-agius4
Labels
area: @angular-devkit/build-angularfeatureIssue that requests a new feature
Milestone
8.1.x
@BernhardRode

Description

@BernhardRode
BernhardRode
opened on Jun 12, 2019

We are using a transparent authentication gateway from Azure (https://docs.microsoft.com/de-de/azure/app-service/overview-authentication-authorization) in front of our applications. It captures all requests and some 'new' tags like:

  • <script type="module" src="…">

need the attribute crossorigin="use-credentials" to be working, as the
It also seems, that Safari is a little bit stricter here, then chrome. Chrome just needs the attribute for the manifest, Safari for both.

If crossorigin is not provided, the browsers throw errors like:

https://login.microsoftonline.com/XXXXX/oauth2/authorize?response_type=code+id_token&redirect_uri=https%3A%2F%2Fapp.azurewebsites.net%2F.auth%2Flogin%2Faad%2Fcallback&client_id=XXXXX&scope=openid+profile+email&response_mode=form_post&resource=https%3A%2F%2Fgraph.windows.net&nonce=XXXXX&state=redir%3D%252Fmain-es2015.3959c9c93c3c451fefc1.js
denied by Cross-Origin Resource Sharing policy: Origin
https://app.azurewebsites.net is not allowed by Access-Control-Allow-Origin.

Some infos about the attribute:
https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes

We already did some tests:

  • First we changed "target": "es2015" to "target": "es5" in tsconfig.json
    -> the application works

  • Then we moved back to es2015 and added a npm build step to our pipeline (thanks to @manfredsteyer)

"build:prod": "ng build --prod && npm run build:replace",
"build:replace": "sed -i.bak 's/type=\"module\"/type=\"module\" crossorigin=\"use-credentials\"/g' dist/app/index.html",

-> the application works

Both workarounds are fine for us, but I think others would like to have an option to configure crossorigin for modules.

🚀 Feature request

Command (mark with an x)

- [X] build

Description

Add a compiler option:

  • p.E. moduleCrossorigin - off | '' | anonymous | use-credentials

Describe the solution you'd like

Generated script tags in index.html should get an additional attribute if the new compilerOption is set:

If moduleCrossorigin is not set: <script type="module" src="…">
If moduleCrossorigin is '' or anonymous: <script type="module" crossorigin="anonymous" src="…">
If moduleCrossorigin is use-credentials: <script type="module" crossorigin="use-credentials" src="…">

Describe alternatives you've considered

Described manual replacements via npm scripts above.

Metadata

Metadata

Assignees

Labels

area: @angular-devkit/build-angularfeatureIssue that requests a new feature

Type

No type

Projects

No projects

Milestone

Relationships

None yet

Development

No branches or pull requests

Issue actions