feat: support adding 'crossorigin' attribute

[tzachov]

Bug Report or Feature Request (mark with an x)

- [ ] bug report -> please search issues before submitting
- [x] feature request

Versions.

@angular/cli: 1.3.0-rc.5
node: 6.11.0
os: win32 x64

Desired functionality.

Add a build/serve option that adds crossorigin="anonymous" to generated script and style tags.
Adding this attribute will make the request without cookies which are probably an unnecessary overhead on these requests.

This feature can be used if there's no option to use a cookie-less domain.

[axelboc]

My app's assets are hosted on a CDN. I pass the CDN's URL with the --deploy-url option.

I think the lack of attribute crossorigin on the generated script tags means that I get a Script error any time an error is thrown in one of the bundles.

https://scotch.io/bar-talk/what-the-heck-is-script-error

[alan-agius4]

Hi, for this you can use the subresource-integrity flag which also enables the use of subresource integrity validation.

https://angular.io/cli/build

[axelboc]

Not sure how this relates to subresource integrity, sorry.

[clydin]

The crossorigin attributes are added to scripts when the SRI option is enabled. This allows for useful error messaging within the browser console. The attribute controls the presence of error information for "classic" scripts (i.e., not type="module"). No credentials should be sent if the attribute is not present (spec reference) since the "missing default value" is no CORS which would cause a credential mode of "omit".

[angular-automatic-lock-bot]

This issue has been automatically locked due to inactivity.
Please file a new issue if you are encountering a similar or related problem.

Read more about our automatic conversation locking policy.

_{This action has been performed automatically by a bot.}