“Script Error.” errors in [removed] in Safari only

2020-07-17 16:36发布

问题:

I'm getting "Script Error." when catching errors in window.onerror, even with properly (I think) configured CORS headers on S3.

CORS config:

<?xml version="1.0" encoding="UTF-8"?>
<CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
<CORSRule>
    <AllowedOrigin>*</AllowedOrigin>
    <AllowedMethod>GET</AllowedMethod>
    <AllowedMethod>POST</AllowedMethod>
    <AllowedMethod>PUT</AllowedMethod>
    <AllowedMethod>HEAD</AllowedMethod>
    <MaxAgeSeconds>3000</MaxAgeSeconds>
    <AllowedHeader>*</AllowedHeader>
</CORSRule>
</CORSConfiguration>

HTML:

<script crossorigin src="https://s3.amazonaws.com/safari-script-error/foo.js" />

which contains:

window.addEventListener("keydown", function(event) {
  if (event.keyCode === 69) { // "e" button
    throw new Error("Oh shoot");
  }
});

JS:

window.onerror = function(event) {
  console.log(event);
}

Codepen: https://codepen.io/astashov/pen/yoEvRB

It works fine in Chrome, Firefox and IE11, and only shows "Script error." in Safari (I have Version 10.0.3 (12602.4.8)).

How to make it work in Safari too?

回答1:

How to make it work in Safari too?

You can’t. Current versions of Safari don’t support giving error messages to the onerror callback in the cross-origin case—even if the crossorigin attribute is specified on the script element.

Safari did support it previously, but subsequently regressed at some point.

There’s an open bug for this at https://bugs.webkit.org/show_bug.cgi?id=132945



回答2:

It doesn't appear that CORS is the problem. It appears that support for the global onerror handler isn't in every browser.

See: https://developer.mozilla.org/en-US/docs/Web/API/GlobalEventHandlers/onerror

Actually, it probably is related to CORS.

When a syntax(?) error occurs in a script, loaded from a different origin, the details of the syntax error are not reported to prevent leaking information (see bug 363897). Instead the error reported is simply "Script error." This behavior can be overriden in some browsers using the crossorigin attribute on and having the server send the appropriate CORS HTTP response headers. A workaround is to isolate "Script error." and handle it knowing that the error detail is only viewable in the browser console and not accessible via JavaScript.