Loading bugsnag.js before script with crossorigin attribute causes Safari to not send Origin header #141
Comments
|
Also a problem with Safari 9.1 |
|
Anyone? I put some time into isolating the behaviour so it would be easier for you guys to observe the bug. Thanks, |
|
@piether thanks for reporting this. There is certainly something strange going on with Safari, but I don't think it is related to the Bugsnag library. I've made a page with the following two script tags (the scripts do not exist): From inspection of the request headers in Safari developer tools, the request for With the same page in Chrome and Firefox the This looks to me like bug in Safari (9.1) that means only the first script request sets the |
|
Thanks for the feedback. I'll try my luck with the Safari team then. |
I've added bugsnag before our script:
<script src="//d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js" data-apikey="1e83bd8564d6cb743c5e8ace740cd07d"></script><script src="https://test-bugsnag-pwgwqzdfgh.now.sh/headers.js" crossorigin="anonymous"></script>The second script tag has the crossorigin attribute to make sure error details make it through. This also should make the browser send an Origin header when fetching the script. That doesn't happen anymore in Safari (tested with Safari 9.0.3) after I added the bugsnag script tag.
In this test app, the script comes from Now. In real life, we host that script on S3 and if the Origin header is not present S3 doesn't send back CORS headers, breaking our entire application.
The test app reports 'Everything is fine' if the Origin header was present in the request for the second script, it reports 'CORS ISSUE' if it is not.
Could be a browser quirk, but I would really appreciate it if you could investigate this issue.
Thanks
The text was updated successfully, but these errors were encountered: