Cross-domain Script Errors
If you’ve ever come across a “Script Error” on line 0, you’ve run afoul of the Same Origin Policy. This happens when there’s an error during the first pass of a cross-domain script.
The browser obscures the real error message to close a security vulnerability that can be used to read information from other sites the user may be logged into. Debugging script errors can be tricky because although the developer console contains the correct error message and line number, both
window.onerror and Bugsnag can only show you “Script Error.”
Summary of when error messages are visible
Browsers disagree on which errors should be obscured, and which should be visible. Firefox takes the view that only SyntaxErrors are a problem, whereas Chrome and Safari take a more conservative view. In those browsers any Error that happens when running the script is also obscured.
* This is a security vulnerability.
Enabling CORS for script tags requires two steps.
Configure your web-server to send the CORS header.
Add the “crossorigin” attribute to your script tag.