HTML <script> crossorigin Attribute
Example
Here is a link to a .js file on another server. Here we use both the integrity and crossorigin attributes:
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"
integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo"
crossorigin="anonymous">
</script>
Definition and Usage
The crossorigin
attribute sets the mode of the request to an HTTP CORS Request.
Web pages often make requests to load resources on other servers. Here is where CORS comes in.
A cross-origin request is a request for a resource (e.g. style sheets, iframes, images, fonts, or scripts) from another domain.
CORS is used to manage cross-origin requests.
CORS stands for Cross-Origin Resource Sharing, and is a mechanism that allows resources on a web page to be requested from another domain outside their own domain. It defines a way of how a browser and server can interact to determine whether it is safe to allow the cross-origin request. CORS allows servers to specify who can access the assets on the server, among many other things.
Tip: The opposite of cross-origin requests is same-origin requests. This means that a web page can only interact with other documents that are also on the same server. This policy enforces that documents that interact with each other must have the same origin (domain).
Tip: Also look at the
integrity
attribute.
Browser Support
The numbers in the table specify the first browser version that fully supports the attribute.
Attribute | |||||
---|---|---|---|---|---|
crossorigin | 30.0 | 18.0 | 13.0 | 13.0 | 12.1 |
Syntax
<script crossorigin="anonymous|use-credentials">
Attribute Values
Value | Description |
---|---|
anonymous use-credentials |
Specifies the mode of the CORS request:
|
❮ HTML <script> tag