js: Enable cross-origin error debugging with crossorigin="anonymous".

If the script comes from a different origin than the requesting page,
and is not marked `crossorigin="anonymous"`, the `window.onerror`
handler receives no information other than "Script error." in the
event of a runtime error.

This effectively silences blueslip errors in development if the user
is developing on a remote host (such as a DigitalOcean droplet), since
static resources are served from `hostname.zulipdev.org`, and the
realm is served from `realmname.hostname.zulipdev.org`.  It also
silenced blueslip reporting in production for any non-default (non-"")
realms.  Sentry reporting, Vagrant developments, and truly ancient or
insecure browsers were unaffected.

Add the necessary `crossorigin="anonymous"` attribute to the
`<script>` tag to allow blueslip access to this error information.
This commit is contained in:
Alex Vandiver 2023-04-06 17:46:47 +00:00 committed by Tim Abbott
parent a96cfb58bd
commit 1833afee6a
2 changed files with 2 additions and 1 deletions

View File

@ -28,7 +28,7 @@
{% if filename.endswith(".css") -%} {% if filename.endswith(".css") -%}
<link href="{{ filename }}" rel="stylesheet" {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %} /> <link href="{{ filename }}" rel="stylesheet" {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %} />
{% elif filename.endswith(".js") -%} {% elif filename.endswith(".js") -%}
<script src="{{ filename }}" defer {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %}></script> <script src="{{ filename }}" defer crossorigin="anonymous" {% if csp_nonce %}nonce="{{ csp_nonce }}"{% endif %}></script>
{% endif -%} {% endif -%}
{% endfor %} {% endfor %}
{% endblock %} {% endblock %}

View File

@ -171,6 +171,7 @@ export default (
// (https://github.com/webpack/webpack/issues/11937) // (https://github.com/webpack/webpack/issues/11937)
(pathData) => "files" + path.join("/", pathData.filename!), (pathData) => "files" + path.join("/", pathData.filename!),
chunkFilename: production ? "[contenthash].js" : "[id].js", chunkFilename: production ? "[contenthash].js" : "[id].js",
crossOriginLoading: "anonymous",
}, },
resolve: { resolve: {
...baseConfig.resolve, ...baseConfig.resolve,