HTML <script> crossorigin attribute
Definition and Usage
crossorigin Sets the request mode to HTTP CORS request.
Web pages often send requests to load resources on other servers. This is where CORS comes into play.
Cross-domain requests are requests for resources from another domain (such as stylesheets, iframes, images, fonts, or scripts).
CORS is used to manage cross-domain requests.
CORS stands for Cross-Origin Resource Sharing, which is a mechanism that allows resources on a web page to be requested from another domain outside of its own. It defines how browsers and servers interact to determine whether cross-origin requests are safe. CORS allows servers to specify who can access resources on the server, as well as many other features.
Tip:In contrast to cross-domain requests, same-origin requests are allowed. This means that the web page can only interact with other documents that are also on the same server. This strategy enforces that documents that interact with each other must have the same origin (domain).
Tip:See also integrity attribute.
Example
This is a link to a .js file on another server. We also use the integrity and crossorigin attributes here:
<script src="https://code.jquery.com/jquery-3.3.1.slim.min.js"> integrity="sha384-q8i/X+965DzO0rT7abK41JStQIAqVgRVzpbzo5smXKp4YfRvH+8abtTE1Pi6jizo" crossorigin="anonymous"> </script>
Syntax
<script crossorigin="anonymous|use-credentials">
Attribute Value
| Value | Description |
|---|---|
|
Define the mode of CORS requests:
|
Browser Support
The numbers in the table indicate the first browser version to fully support this attribute.
| Chrome | Edge | Firefox | Safari | Opera |
|---|---|---|---|---|
| Chrome | Edge | Firefox | Safari | Opera |
| 30.0 | 18.0 | 13.0 | 13.0 | 12.1 |
