You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
The second script tag has the crossorigin attribute to make sure error details make it through. This also should make the browser send an Origin header when fetching the script. That doesn't happen anymore in Safari (tested with Safari 9.0.3) after I added the bugsnag script tag.
In this test app, the script comes from Now. In real life, we host that script on S3 and if the Origin header is not present S3 doesn't send back CORS headers, breaking our entire application.
The test app reports 'Everything is fine' if the Origin header was present in the request for the second script, it reports 'CORS ISSUE' if it is not.
Could be a browser quirk, but I would really appreciate it if you could investigate this issue.
Thanks
The text was updated successfully, but these errors were encountered:
There is certainly something strange going on with Safari, but I don't think it is related to the Bugsnag library.
I've made a page with the following two script tags (the scripts do not exist): <script src="//example.com/script1.js" crossorigin="anonymous"></script> <script src="//example.com/script2.js" crossorigin="anonymous"></script>
From inspection of the request headers in Safari developer tools, the request for script1.js has the Origin header set as expected but the request for script2.js does not send the Origin request header at all.
With the same page in Chrome and Firefox the Origin request header is set for both script1.js and script2.js.
This looks to me like bug in Safari (9.1) that means only the first script request sets the Origin header (if required due to the crossorigin attribute).
I've added bugsnag before our script:
<script src="//d2wy8f7a9ursnm.cloudfront.net/bugsnag-2.min.js" data-apikey="1e83bd8564d6cb743c5e8ace740cd07d"></script>
<script src="https://test-bugsnag-pwgwqzdfgh.now.sh/headers.js" crossorigin="anonymous"></script>
The second script tag has the crossorigin attribute to make sure error details make it through. This also should make the browser send an Origin header when fetching the script. That doesn't happen anymore in Safari (tested with Safari 9.0.3) after I added the bugsnag script tag.
In this test app, the script comes from Now. In real life, we host that script on S3 and if the Origin header is not present S3 doesn't send back CORS headers, breaking our entire application.
The test app reports 'Everything is fine' if the Origin header was present in the request for the second script, it reports 'CORS ISSUE' if it is not.
Could be a browser quirk, but I would really appreciate it if you could investigate this issue.
Thanks
The text was updated successfully, but these errors were encountered: