js: Enable cross-origin error debugging with crossorigin="anonymous".

If the script comes from a different origin than the requesting page, and is not marked `crossorigin="anonymous"`, the `window.onerror` handler receives no information other than "Script error." in the event of a runtime error. This effectively silences blueslip errors in development if the user is developing on a remote host (such as a DigitalOcean droplet), since static resources are served from `hostname.zulipdev.org`, and the realm is served from `realmname.hostname.zulipdev.org`. It also silenced blueslip reporting in production for any non-default (non-"") realms. Sentry reporting, Vagrant developments, and truly ancient or insecure browsers were unaffected. Add the necessary `crossorigin="anonymous"` attribute to the `<script>` tag to allow blueslip access to this error information.
2025-10-23 04:52:12 +00:00 · 2023-04-06 17:46:47 +00:00
parent a96cfb58bd
commit 1833afee6a
2 changed files with 2 additions and 1 deletions
--- a/web/webpack.config.ts
+++ b/web/webpack.config.ts
@@ -171,6 +171,7 @@ export default (
                  // (https://github.com/webpack/webpack/issues/11937)
                  (pathData) => "files" + path.join("/", pathData.filename!),
            chunkFilename: production ? "[contenthash].js" : "[id].js",
+            crossOriginLoading: "anonymous",
        },
        resolve: {
            ...baseConfig.resolve,