N
Nuxt2mo ago
mkierdev

Is there any option to modify crossorigin attribute for built JS static files?

We are trying to pass cookies to static js files generated by nuxt. Because its script type module, only crossorigin="use-credentials" will allow this.
6 Replies
kapa.ai
kapa.ai2mo ago
Hi @mkierdev. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base. :wave: ---------------------- Based on the provided knowledge sources, I don't have specific information about modifying the crossorigin attribute for built JS static files to use-credentials in Nuxt. However, I can provide some relevant information about how Nuxt handles the crossorigin attribute: 1. By default, Nuxt Scripts inserts several extra tags to script elements for performance and privacy reasons, including crossorigin="anonymous" Nuxt Scripts Default Behavior (https://scripts.nuxt.com/docs/guides/key-concepts#default-behavior). 2. For JS static assets, Nuxt consistently sets the crossorigin attribute Github Issue: Crossorigin attribute (https://github.com/nuxt/nuxt/issues/29128). 3. There's no direct mention of an option to modify the crossorigin attribute to use-credentials for built JS static files. 4. If you need to pass cookies from server-side API calls to the client during SSR, Nuxt provides a method to do this, but it doesn't involve modifying the crossorigin attribute of static JS files Nuxt Data Fetching: Pass Cookies (https://nuxt.com/docs/getting-started/data-fetching#pass-cookies-from-server-side-api-calls-on-ssr-response). Given this information, it appears that Nuxt doesn't provide a built-in option to modify the crossorigin attribute for built JS static files to use-credentials. If this functionality is crucial for your use case, you might need to explore custom solutions or consider raising a feature request with the Nuxt team. ---------------------- Note: you can ask me a follow up question by @ mentioning me again :speech_balloon: ----------------------
kapa.ai
kapa.ai2mo ago
<@1293534681865654317> Kapa.ai is still learning and improving, please let me know how I did by reacting below.
mkierdev
mkierdevOP2mo ago
The issue is as follows: we use cloudflare and in case of DDOS, we will enable Under Attack Mode. It sets a cookie which CF uses to let request in. We can't add that cookie to subdomain, because it's script type module and the request is blocked. If you have another solution on how to setup subdomain and do not alter static js, it would be great 😉
harlan
harlan2mo ago
Nuxt
Lifecycle Hooks · Nuxt Advanced
Nuxt provides a powerful hooking system to expand almost every aspect using hooks.
harlan
harlan2mo ago
i think you'd be able to hook into the Unhead instance as well when it renders the tags
mkierdev
mkierdevOP2mo ago
I thought about it, but it would alter initial HTML response, not dynamic tags (ex: preload inject on scrolling page)
Want results from more Discord servers?
Add your server