Anton Astashov
Anton Astashov

Reputation: 95

"Script Error." errors in window.onerror in Safari only

I'm getting "Script Error." when catching errors in window.onerror, even with properly (I think) configured CORS headers on S3.

CORS config:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

HTML:

<script crossorigin src="https://s3.amazonaws.com/safari-script-error/foo.js" />

which contains:

window.addEventListener("keydown", function(event) {
  if (event.keyCode === 69) { // "e" button
    throw new Error("Oh shoot");
  }
});

JS:

window.onerror = function(event) {
  console.log(event);
}

Codepen: https://codepen.io/astashov/pen/yoEvRB

It works fine in Chrome, Firefox and IE11, and only shows "Script error." in Safari (I have Version 10.0.3 (12602.4.8)).

How to make it work in Safari too?

Upvotes: 8

Views: 6297

Answers (2)

sideshowbarker
sideshowbarker

Reputation: 88156

How to make it work in Safari too?

You can’t. Current Safari versions don’t support giving error messages to the onerror callback in the cross-origin case—even if a crossorigin attribute is specified on the script element.

Safari did support it previously, but subsequently regressed at some point.

There’s an open bug for this at https://bugs.webkit.org/show_bug.cgi?id=132945

Upvotes: 12

Will
Will

Reputation: 3241

It doesn't appear that CORS is the problem. It appears that support for the global onerror handler isn't in every browser.

See: https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onerror

Actually, it probably is related to CORS.

When a syntax(?) error occurs in a script, loaded from a different origin, the details of the syntax error are not reported to prevent leaking information (see bug 363897). Instead the error reported is simply "Script error." This behavior can be overriden in some browsers using the crossorigin attribute on and having the server send the appropriate CORS HTTP response headers. A workaround is to isolate "Script error." and handle it knowing that the error detail is only viewable in the browser console and not accessible via JavaScript.

Upvotes: 0

Related Questions