Is there any option to modify crossorigin attribute for built JS static files?
We are trying to pass cookies to static js files generated by nuxt. Because its script type module, only crossorigin="use-credentials" will allow this.
6 Replies
Hi @mkierdev. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave:
----------------------
Based on the provided knowledge sources, I don't have specific information about modifying the
crossorigin
attribute for built JS static files to use-credentials
in Nuxt. However, I can provide some relevant information about how Nuxt handles the crossorigin
attribute:
1. By default, Nuxt Scripts inserts several extra tags to script elements for performance and privacy reasons, including crossorigin="anonymous"
Nuxt Scripts Default Behavior (https://scripts.nuxt.com/docs/guides/key-concepts#default-behavior).
2. For JS static assets, Nuxt consistently sets the crossorigin
attribute Github Issue: Crossorigin attribute (https://github.com/nuxt/nuxt/issues/29128).
3. There's no direct mention of an option to modify the crossorigin
attribute to use-credentials
for built JS static files.
4. If you need to pass cookies from server-side API calls to the client during SSR, Nuxt provides a method to do this, but it doesn't involve modifying the crossorigin
attribute of static JS files Nuxt Data Fetching: Pass Cookies (https://nuxt.com/docs/getting-started/data-fetching#pass-cookies-from-server-side-api-calls-on-ssr-response).
Given this information, it appears that Nuxt doesn't provide a built-in option to modify the crossorigin
attribute for built JS static files to use-credentials
. If this functionality is crucial for your use case, you might need to explore custom solutions or consider raising a feature request with the Nuxt team.
----------------------
Note: you can ask me a follow up question by @ mentioning me again :speech_balloon:
----------------------<@1293534681865654317> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
The issue is as follows: we use cloudflare and in case of DDOS, we will enable Under Attack Mode. It sets a cookie which CF uses to let request in. We can't add that cookie to subdomain, because it's script type module and the request is blocked. If you have another solution on how to setup subdomain and do not alter static js, it would be great 😉
Nuxt
Lifecycle Hooks · Nuxt Advanced
Nuxt provides a powerful hooking system to expand almost every aspect using hooks.
i think you'd be able to hook into the Unhead instance as well when it renders the tags
I thought about it, but it would alter initial HTML response, not dynamic tags (ex: preload inject on scrolling page)