Is there any option to modify crossorigin attribute for built JS static files?
We are trying to pass cookies to static js files generated by nuxt. Because its script type module, only crossorigin="use-credentials" will allow this.
5 Replies
Hi @mkierdev. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the provided knowledge sources, I don't have specific information about modifying the
crossorigin attribute for built JS static files to use-credentials in Nuxt. However, I can provide some relevant information about how Nuxt handles the crossorigin attribute:
1. By default, Nuxt Scripts inserts several extra tags to script elements for performance and privacy reasons, including crossorigin="anonymous" Nuxt Scripts Default Behavior (https://scripts.nuxt.com/docs/guides/key-concepts#default-behavior).
2. For JS static assets, Nuxt consistently sets the crossorigin attribute Github Issue: Crossorigin attribute (https://github.com/nuxt/nuxt/issues/29128).
3. There's no direct mention of an option to modify the crossorigin attribute to use-credentials for built JS static files.
4. If you need to pass cookies from server-side API calls to the client during SSR, Nuxt provides a method to do this, but it doesn't involve modifying the crossorigin attribute of static JS files Nuxt Data Fetching: Pass Cookies (https://nuxt.com/docs/getting-started/data-fetching#pass-cookies-from-server-side-api-calls-on-ssr-response).
Given this information, it appears that Nuxt doesn't provide a built-in option to modify the crossorigin attribute for built JS static files to use-credentials. If this functionality is crucial for your use case, you might need to explore custom solutions or consider raising a feature request with the Nuxt team.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@1293534681865654317> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
The issue is as follows: we use cloudflare and in case of DDOS, we will enable Under Attack Mode. It sets a cookie which CF uses to let request in. We can't add that cookie to subdomain, because it's script type module and the request is blocked. If you have another solution on how to setup subdomain and do not alter static js, it would be great 😉
Nuxt
Lifecycle Hooks · Nuxt Advanced
Nuxt provides a powerful hooking system to expand almost every aspect using hooks.
i think you'd be able to hook into the Unhead instance as well when it renders the tags