TryGhost/Ghost
1
0
Fork 0
mirror of https://github.com/TryGhost/Ghost.git synced 2024-12-01 13:54:35 +03:00
Code Issues Projects Releases Wiki Activity

Added crossorigin attribute to Portal script

Browse Source 
no refs

- without crossorigin=anonymous attribute, browsers obfuscate error messages from external scripts, which makes error tracking with sentry impossible
- with crossorigin attribute, portal script needs to be served with cors header or browsers will block it
- unpkg already serves the script with `access-control-allow-origin: *`
This commit is contained in:
Rishabh 2021-06-22 12:30:27 +05:30
parent 7e05c402c9
commit 484c9a67c2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
core/frontend/helpers/ghost_head.js
View File

@ -46,7 +46,7 @@ function getMembersHelper(data) {
const stripeConnectAccountId = settingsCache.get('stripe_connect_account_id');
const colorString = _.has(data, 'site._preview') && data.site.accent_color ? ` data-accent-color="${data.site.accent_color}"` : '';
const portalUrl = config.get('portal:url');
let membersHelper = `<script defer src="${portalUrl}" data-ghost="${urlUtils.getSiteUrl()}"${colorString}></script>`;
let membersHelper = `<script defer src="${portalUrl}" data-ghost="${urlUtils.getSiteUrl()}"${colorString} crossorigin="anonymous"></script>`;
membersHelper += (`<style id="gh-members-styles">${templateStyles}</style>`);
if ((!!stripeDirectSecretKey && !!stripeDirectPublishableKey) || !!stripeConnectAccountId) {
membersHelper += '<script async src="https://js.stripe.com/v3/"></script>';