cross origin error handling

[szepeviktor]

I've just read that window.onerror is not triggered if you use a CDN.
Please consider adding crossorigin="anonymous" to on-the-fly created script tags.

[unscriptable]

Do you have a link to an article or specification that show how crossorigin="anonymous" can be used on script elements? I can only find information about using it on video and img elements. Thanks!

[szepeviktor]

here it is
http://blog.errorception.com/2012/12/catching-cross-domain-js-errors.html?m=1

[unscriptable]

Thanks for the link, @szepeviktor. From reading this article (and another from @briancavalier), it seems like we can only add this attribute when we know that the site serving the script has set Access-Control-Allow-Origin: *. Otherwise, the script does not evaluate.

Some background: scripts have never given any good error reporting, whether or not you use window.onerror or script.onerror or whether the script is remote or not. It'll be nice to get good errors so curl.js can provide something other than "HTTP or Syntax error". :)

This feels like an opt-in feature that would be specified on each remote script. Something like this:

curl.config({
    paths: {
        jquery: { location: "//cdn.jquery.com/jquery-2.0.3.min", crossorigin: "anonymous" }
    }
});

Thoughts?

-- John

[szepeviktor]

It is very good.
It would be even nicer to have a global config option also.

curl.config({
    crossorigin: "anonymous",
    paths: {
        jquery: { location: "//cdn.jquery.com/jquery-2.0.3.min" }
    }
});

[unscriptable]

All config options can be specified "globally" (although a few don't make sense to be used globally). This one, crossorigin, just seems like it's too error-prone to use it globally. :)

[szepeviktor]

Do you plan to implement it?

[unscriptable]

We're considering it. We don't yet know if async scripts gain any useful error information in their onerror events. Fwiw, a global window.onerror seems like the wrong place to send error info when there could be several, parallel scripts loading at once. I'm hoping that each script's onerror handler gets the info passed to it, as well.

Is this something you could test for us?

Also: it'd be very exciting if this feature prompted the IE team to start firing the script's onerror event, too. (Currently, IE never fires this event handler, which limits the features of script loaders as you can imagine!)

/me crosses fingers for an IE12 that doesn't suck. :)

[szepeviktor]

I plan to report errors to Google Analytics on a small site.
I think there are no errors now. But it is good to track whether there are any.

Do you think a script loaded from CDN tells you more than "Script error on line 0" on error?

[szepeviktor]

script.onerror does not fire:

window.onerror = function (msg, url, line) {
    console.log(msg)
    console.log(url + ':' + line)
    window.alert("win.onerror fires");
}

var head = document.getElementsByTagName('head').item(0);
var script = document.createElement('script');

script.src = '/f.js' // this contains: idontexist();
script.onload = function() {
    window.alert('this works');
}
script.onerror = function() {
    window.alert("onerror doesn't fire");
}
head.appendChild(script);

console.log('end.');

[szepeviktor]

Do you plan to support crossorigin="anonymous" in the next release?