Module isn't fetched with credentials #458

Rich-Harris · 2018-10-01T22:15:39Z

In my current case, I'm building an app behind an IAP interstitial, but this will no doubt also apply to some cases where assets are hosted on a separate domain to the app itself once we get round to #437, whatever form it takes.

Sapper writes this code to the page:

try{
  new Function("import('/client/client.939216c0.js')")();
}catch(e){
  var s=document.createElement("script");
  s.src="/client/shimport@0.0.11.js";
  s.setAttribute("data-main","/client/client.939216c0.js");
  document.head.appendChild(s);
}

When IAP is involved you have to pay for everything with a cookie. Regular script tags are fine, but modules are not. Since there's currently no way to use credentials with import(...), that presumably needs to become something like this:

var s=document.createElement("script");
try{
  new Function("if(0){import('')}")();
  s.type='module';
  s.crossorigin='use-credentials';
  s.src='/client/client.939216c0.js'
}catch(e){
  s.src="/client/shimport@0.0.11.js";
  s.setAttribute("data-main","/client/client.939216c0.js");
}
document.head.appendChild(s);

The text was updated successfully, but these errors were encountered:

inject a <script> with crossOrigin - fixes #458

Rich-Harris closed this as completed in e2206d0 Oct 2, 2018

Rich-Harris added a commit that referenced this issue Oct 2, 2018

Merge pull request #459 from sveltejs/gh-458

48b1faf

inject a <script> with crossOrigin - fixes #458

Rich-Harris mentioned this issue Oct 25, 2018

modules, credentials, wtf #496

Open

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Module isn't fetched with credentials #458

Module isn't fetched with credentials #458

Rich-Harris commented Oct 1, 2018

Module isn't fetched with credentials #458

Module isn't fetched with credentials #458

Comments

Rich-Harris commented Oct 1, 2018