Page MenuHomePhabricator

Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging
Open, LowestPublic


  • make sure all script files are served with CORS Allow-Origin headers
  • make sure script tags added by ResourceLoader in the process of module loading have a crossorigin="anonymous" attribute

This should only be done if T507 shows that CORS fetches work reliably for the overwhelming majority of users.
If this turns out to be problematic, T513 could be an alternative.

Event Timeline

Tgr claimed this task.
Tgr raised the priority of this task from to Medium.
Tgr updated the task description. (Show Details)
Tgr changed Security from none to None.
Tgr subscribed.
Tgr renamed this task from Use CORS-enabled fetch for scripts to Use CORS-enabled fetch of scripts to avoid same-domain limitations in JS error logging.Oct 1 2014, 10:15 AM
Tgr removed Tgr as the assignee of this task.Jan 30 2015, 2:38 AM
Tgr claimed this task.

Not necessary after T95448 (global user JS is still loaded cross-domain I believe, and some gadgets have central wikis, but those use cases are not worth the effort, and might go away after T31272).

Still useful for third parties I guess.

Tgr lowered the priority of this task from Medium to Lowest.Aug 12 2015, 11:55 PM

At the time of creating this task it was assumed that the server side implementation of error logging would be based on Sentry. We have eventually decided on a different implementation, so de-tagging.

This open task has no active project tags so it will not be found. Adding vague WMF-General-or-Unknown, please feel welcome to add a more specific tag.