If the script comes from a different origin than the requesting page,
and is not marked `crossorigin="anonymous"`, the `window.onerror`
handler receives no information other than "Script error." in the
event of a runtime error.
This effectively silences blueslip errors in development if the user
is developing on a remote host (such as a DigitalOcean droplet), since
static resources are served from `hostname.zulipdev.org`, and the
realm is served from `realmname.hostname.zulipdev.org`. It also
silenced blueslip reporting in production for any non-default (non-"")
realms. Sentry reporting, Vagrant developments, and truly ancient or
insecure browsers were unaffected.
Add the necessary `crossorigin="anonymous"` attribute to the
`<script>` tag to allow blueslip access to this error information.
webpack-dev-server 4.12.0 introduced a global handler that shows a
full-screen overlay for all runtime errors, but it’s redundant with
our blueslip_stacktrace handler and less functional at this time.
Signed-off-by: Anders Kaseorg <anders@zulip.com>
Anders Kaseorg
Alex Vandiver