5

I'm using a script that detects Javascript errors and reports them to my backend. However I am getting cryptic "script error" messages, which is not very helpful for debugging.

According to Cryptic "Script Error." reported in Javascript in Chrome and Firefox the reason is because the script that threw the error is served from a different origin than my site.

Since I'm using a CDN all of my scripts are effectively served from another domain. Is there a way to get more useful error messages while still using a CDN?

Also everything is served over SSL so I would like to retain this ability.

Improve this question
10
  • Adding scripts from different domains to your web-page does not violate the same-origin policy. This does not throw errors. Commented Jul 28, 2012 at 20:35
  • What error messages exactly do you get? Commented Jul 28, 2012 at 20:36
  • I get "Script Error." It's the same as the question I linked. The top answer says "The "Script error." happens... when an exception violates the browser's same-origin policy - i.e. when the error occurs in a script that's hosted on a domain other than the domain of the current page." Is this not correct? Commented Jul 28, 2012 at 20:49
  • That user is writing about loading HTML documents in SCRIPT elements (e.g. <script src="http://foo.com/bar.html">), which doesn't work AFAIK. But that's not what you're doing, right? You're loading .js files from different domains which is OK (e.g. <script src="http://ajax.googleapis.com/ajax/libs/jquery/1.7.2/jquery.js">). A web-page can load JavaScript files from any domain - that will work and won't throw an error. Commented Jul 28, 2012 at 21:04
  • Loading the script is fine, but if that remote script throws an error, I only get "script error" which is not very helpful in debugging. I want to know how to utilize a CDN and still get more useful errors. Commented Jul 28, 2012 at 23:05

2 Answers 2

Reset to default
1

I had a similar problem: my scripts are served by a subdomain and fall under the same origin restriction. However, I solved this by:

1) adding every script tag like this:

<script type="text/javascript" src="http://subdomain.mydomain.tld" crossorigin="*.mydomain.tld" />

2) modifying the apache httpd.conf by adding the following inside every vhost (you must enbable mod_headers):

<IfModule mod_headers.c>
Header add Access-Control-Allow-Origin "*.mydomain.tld"
</IfModule>

On one of my server I was not able to make this functional except by replacing

*.mydomain.tld

by

*

Be aware of the flaws with potentially allowing * to phish extended information. Documentation on CORS, same-origin, img & fonts, cdn is available but very fewer about script tag crossorigin details is available.

Hope this helps ...

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

Is there any way to solve this problem if you are loding a JS file from an external server you don't control (e.g. API provider's server)?
0

Try using jsonp for the dataType attribute in jQuery.ajax. The remote server will also need to support jsonp. It will get around the browser security preventing XSS.

Alternatively, you could use an IFrame and use jQuery within each window, but use HTML5 postMessage to communicate back and forth between the windows on two different domains.

Or, if you control both servers you can set the headers for same origin.

Jsonp has been my weapon of choice for this kind of problem. The others are just a legitimate.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.