Skip to content
This repository has been archived by the owner on Jan 11, 2023. It is now read-only.

Module isn't fetched with credentials #458

Closed
Rich-Harris opened this issue Oct 1, 2018 · 0 comments
Closed

Module isn't fetched with credentials #458

Rich-Harris opened this issue Oct 1, 2018 · 0 comments

Comments

@Rich-Harris
Copy link
Member

In my current case, I'm building an app behind an IAP interstitial, but this will no doubt also apply to some cases where assets are hosted on a separate domain to the app itself once we get round to #437, whatever form it takes.

Sapper writes this code to the page:

try{
  new Function("import('/client/client.939216c0.js')")();
}catch(e){
  var s=document.createElement("script");
  s.src="/client/shimport@0.0.11.js";
  s.setAttribute("data-main","/client/client.939216c0.js");
  document.head.appendChild(s);
}

When IAP is involved you have to pay for everything with a cookie. Regular script tags are fine, but modules are not. Since there's currently no way to use credentials with import(...), that presumably needs to become something like this:

var s=document.createElement("script");
try{
  new Function("if(0){import('')}")();
  s.type='module';
  s.crossorigin='use-credentials';
  s.src='/client/client.939216c0.js'
}catch(e){
  s.src="/client/shimport@0.0.11.js";
  s.setAttribute("data-main","/client/client.939216c0.js");
}
document.head.appendChild(s);
Rich-Harris added a commit that referenced this issue Oct 2, 2018
@Rich-Harris
Merge pull request #459 from sveltejs/gh-458
48b1faf 
inject a <script> with crossOrigin - fixes #458
@Rich-Harris Rich-Harris mentioned this issue Oct 25, 2018
Open
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@Rich-Harris