From 1833afee6a17419f556e42a99b8ce9c98f82da42 Mon Sep 17 00:00:00 2001
From: Alex Vandiver <alexmv@zulip.com>
Date: Thu, 6 Apr 2023 17:46:47 +0000
Subject: [PATCH] js: Enable cross-origin error debugging with
 crossorigin="anonymous".

If the script comes from a different origin than the requesting page,
and is not marked `crossorigin="anonymous"`, the `window.onerror`
handler receives no information other than "Script error." in the
event of a runtime error.

This effectively silences blueslip errors in development if the user
is developing on a remote host (such as a DigitalOcean droplet), since
static resources are served from `hostname.zulipdev.org`, and the
realm is served from `realmname.hostname.zulipdev.org`.  It also
silenced blueslip reporting in production for any non-default (non-"")
realms.  Sentry reporting, Vagrant developments, and truly ancient or
insecure browsers were unaffected.

Add the necessary `crossorigin="anonymous"` attribute to the
`<script>` tag to allow blueslip access to this error information.
---
 templates/zerver/base.html | 2 +-
 web/webpack.config.ts      | 1 +
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/templates/zerver/base.html b/templates/zerver/base.html
index e1e765f8b2..f923f8c660 100644
--- a/templates/zerver/base.html
+++ b/templates/zerver/base.html
@@ -28,7 +28,7 @@
                 {% if filename.endswith(".css") -%}
                     <link href="{{ filename }}" rel="stylesheet" {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %} />
                 {% elif filename.endswith(".js") -%}
-                    <script src="{{ filename }}" defer {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %}></script>
+                    <script src="{{ filename }}" defer crossorigin="anonymous" {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %}></script>
                 {% endif -%}
             {% endfor %}
         {% endblock %}
diff --git a/web/webpack.config.ts b/web/webpack.config.ts
index b02306bc4e..ff167c85a3 100644
--- a/web/webpack.config.ts
+++ b/web/webpack.config.ts
@@ -171,6 +171,7 @@ export default (
                   // (https://github.com/webpack/webpack/issues/11937)
                   (pathData) => "files" + path.join("/", pathData.filename!),
             chunkFilename: production ? "[contenthash].js" : "[id].js",
+            crossOriginLoading: "anonymous",
         },
         resolve: {
             ...baseConfig.resolve,