Qiita Teams that are logged in
You are not logged in to any team

Log in to Qiita Team
OrganizationEventAdvent CalendarQiitadon (β)
Qiita JobsQiita ZineQiita Blog
Help us understand the problem. What are the problem?

More than 3 years have passed since last update.

crossorigin なしの <link rel="prefetch"> で Amazon S3 上の JS を読んではいけない


Amazon S3 では Origin 送ったときにしか CORS 関係のヘッダを返してくれないっぽい。
<link rel="prefetch"> でリクエストしちゃうと Chrome は origin が付かない上にそれをキャッシュしちゃう。
そして肝心の script タグでの読み込みの時に、そのキャッシュをそのまま使っちゃうので、 CORS ヘッダが無いという理由で読み込みに失敗する :cry:
Vary ヘッダで Access-Control-Allow-Origin とか返せば動きそうだけど、そこも S3 の範疇……。


<!DOCTYPE html>
<html lang="en">
  <meta charset="UTF-8">
  <meta name="viewport" content="initial-scale=1">
  <title>crossorigin test</title>
  <link rel="prefetch" href="https://s3-ap-northeast-1.amazonaws.com/macoshita-test-crossorigin/main.js"
        crossorigin> <!-- important -->
  <h1>crossorigin prefetch test (maybe success)</h1>
  <a id="test" href="javascript:void(0)">Click to load script</a>
    document.getElementById('test').addEventListener('click', function () {
      const script = document.createElement('script')
      script.src = 'https://s3-ap-northeast-1.amazonaws.com/macoshita-test-crossorigin/main.js'
      script.crossOrigin = 'crossorigin'

    }, false)


Why not register and get more from Qiita?
  1. We will deliver articles that match you
    By following users and tags, you can catch up information on technical fields that you are interested in as a whole
  2. you can read useful information later efficiently
    By "stocking" the articles you like, you can search right away
Help us understand the problem. What are the problem?