Avoid cryptic javascript “script error” using cdn

I'm using a script that detects Javascript errors and reports them to my backend. However, I am getting cryptic "script error" messages, which is not very helpful for debugging.

According to Cryptic "Script Error." reported in Javascript in Chrome and Firefox, the reason is that the script that threw the error is served from a different origin than my site.

Since I'm using a CDN, all of my scripts are effectively served from another domain. Is there a way to get more useful error messages while still using a CDN?

Also, everything is served over SSL, so I would like to retain this ability.

I had a similar problem: my scripts are served by a subdomain and fall under the same origin restriction. However, I solved this by:

1) adding every script tag like this:

<script type="text/javascript" src="http://subdomain.mydomain.tld" crossorigin="*.mydomain.tld"></script>

2) modifying the Apache httpd.conf by adding the following inside every vhost (you must enable mod_headers):

<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "*.mydomain.tld"
</IfModule>

On one of my servers I was not able to make this functional except by replacing

*.mydomain.tld

by

*

Be aware of the flaws with potentially allowing * to phish extended information. Documentation on CORS, same-origin, img & fonts, cdn is available, but very little about script tag crossorigin details is available.

Hope this helps ...
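
Added example, not part of the original answer: `Access-Control-Allow-Origin` accepts only `*` or one exact origin (no `*.mydomain.tld` pattern), so limiting readable script errors to your own subdomains means checking the request's `Origin` header on the server and echoing it back when it is allowed, with the script tag carrying `crossorigin="anonymous"`. The sketch below assumes a Node-style server; `corsHeadersFor` is a hypothetical helper name and `mydomain.tld` is the placeholder domain from the answer.

```javascript
// Added example. "mydomain.tld" is the placeholder domain from the answer
// above; corsHeadersFor is a hypothetical helper name.
const ALLOWED_BASE = "mydomain.tld";

// Given the request's Origin header, return the headers to attach to a
// script response. Access-Control-Allow-Origin is set only for HTTPS origins
// on mydomain.tld or one of its subdomains.
function corsHeadersFor(originHeader) {
  // Vary: Origin keeps a shared cache from replaying one site's
  // Access-Control-Allow-Origin value to a different site.
  const headers = { "Vary": "Origin" };
  if (typeof originHeader !== "string") return headers;

  let url;
  try {
    url = new URL(originHeader);
  } catch (err) {
    return headers; // not a URL at all, e.g. the literal "null" origin
  }

  // A genuine Origin value is exactly scheme://host[:port], nothing more.
  if (url.origin !== originHeader) return headers;
  if (url.protocol !== "https:") return headers;

  // Compare on a label boundary so "evilmydomain.tld" and
  // "mydomain.tld.example.net" do not match.
  const host = url.hostname;
  if (host === ALLOWED_BASE || host.endsWith("." + ALLOWED_BASE)) {
    headers["Access-Control-Allow-Origin"] = originHeader;
  }
  return headers;
}

// Constructed sample origins, printed when the file is run directly.
for (const origin of [
  "https://www.mydomain.tld",
  "https://mydomain.tld.example.net",
  "http://www.mydomain.tld",
]) {
  console.log(origin, "->", JSON.stringify(corsHeadersFor(origin)));
}
```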

Try using jsonp for the dataType attribute in jQuery.ajax. The remote server will also need to support jsonp. It will get around the browser security preventing XSS.

Alternatively, you could use an IFrame and use jQuery within each window, but use HTML5 postMessage to communicate back and forth between the windows on two different domains.

Or, if you control both servers you can set the headers for same origin.

Jsonp has been my weapon of choice for this kind of problem. The others are just as legitimate.
