Reputation: 1240
why enabling CORS for js files by setting crossorigin= anonymous cause “blocked by CORS policy” although Access-Control-Allow-Origin exist?
We wanted to have error information for the js scripts being loaded from different domains. Based on documents we have set crossorigin= "anonymous" attribute on script tags and we are sending Access-Control-Allow-Origin:* from our js servers with another domain but in some users not all chrome blocks loading script files why is that happening?
Script tag in main html page from first domain domain:
script type='text/javascript' src='myseconddomain.com/testscript.js' crossOrigin='anonymous'></script
and response header for testscript.js has "Access-Control-Allow-Origin:*"
Upvotes: 1
Views: 2476
Answers (1)
Reputation: 1240
seems chrome has a a problem of caching javascript files without looking at their crossOrigin attributes meaning if there is a js file refereed in the page without crossOrigin attribute and later you edit and add this attribute chrome ignore it and use its cached version which causes problems
Upvotes: 2
Related Questions
- CORS – Cross Origin Request Blocked – The 'Access-Control-Allow-Origin' header contains invalid value
- With <script crossorigin='anonymous'>, why is a script "blocked by CORS policy"?
- CORS allowed when no response header Access-Control-Allow-Origin
- Access-Control-Allow-Origin is not recognized by Chrome
- No 'Access-Control-Allow-Origin' client side fix
- Js cors. No 'Access-Control-Allow-Origin'
- Javascript CORS - No 'Access-Control-Allow-Origin' header is present
- CORS Access-Control-Allow-Origin despite correct headers
- No 'Access-Control-Allow-Origin' but still processing
- Access-Control-Allow-Origin: * is set but I still get Origin not allowed