Nuxt•14mo ago

Is there any option to modify crossorigin attribute for built JS static files?

We are trying to pass cookies to static js files generated by nuxt. Because its script type module, only crossorigin="use-credentials" will allow this.

kapa.ai•11/14/24, 9:29 AM

Hi @mkierdev. I'm kapa.ai, your friendly support bot. I will try to answer your question by searching through the knowledge base.

kapa.ai•11/14/24, 9:30 AM

----------------------
Based on the provided knowledge sources, I don't have specific information about modifying the crossorigincrossorigin attribute for built JS static files to use-credentialsuse-credentials in Nuxt. However, I can provide some relevant information about how Nuxt handles the crossorigincrossorigin attribute:

By default, Nuxt Scripts inserts several extra tags to script elements for performance and privacy reasons, including crossorigin="anonymous"crossorigin="anonymous" Nuxt Scripts Default Behavior (https://scripts.nuxt.com/docs/guides/key-concepts#default-behavior).
For JS static assets, Nuxt consistently sets the crossorigincrossorigin attribute Github Issue: Crossorigin attribute (https://github.com/nuxt/nuxt/issues/29128).
There's no direct mention of an option to modify the crossorigincrossorigin attribute to use-credentialsuse-credentials for built JS static files.
If you need to pass cookies from server-side API calls to the client during SSR, Nuxt provides a method to do this, but it doesn't involve modifying the crossorigincrossorigin attribute of static JS files Nuxt Data Fetching: Pass Cookies (https://nuxt.com/docs/getting-started/data-fetching#pass-cookies-from-server-side-api-calls-on-ssr-response).

Given this information, it appears that Nuxt doesn't provide a built-in option to modify the crossorigincrossorigin attribute for built JS static files to use-credentialsuse-credentials. If this functionality is crucial for your use case, you might need to explore custom solutions or consider raising a feature request with the Nuxt team.
----------------------
Note: you can ask me a follow up question by @ mentioning me again

----------------------

kapa.ai•11/14/24, 9:30 AM

@1293534681865654317 Kapa.ai is still learning and improving, please let me know how I did by reacting below.

mkierdevOP•11/14/24, 9:34 AM

The issue is as follows: we use cloudflare and in case of DDOS, we will enable Under Attack Mode. It sets a cookie which CF uses to let request in. We can't add that cookie to subdomain, because it's script type module and the request is blocked. If you have another solution on how to setup subdomain and do not alter static js, it would be great

harlan•11/15/24, 6:50 AM

probably https://nuxt.com/docs/guide/going-further/hooks#server-hooks-runtime

Nuxt

Lifecycle Hooks · Nuxt Advanced

Nuxt provides a powerful hooking system to expand almost every aspect using hooks.

harlan•11/15/24, 6:51 AM

i think you'd be able to hook into the Unhead instance as well when it renders the tags

Hharlan probably https://nuxt.com/docs/guide/going-further/hooks#server-hooks-runtime

mkierdevOP•11/18/24, 9:05 AM

I thought about it, but it would alter initial HTML response, not dynamic tags (ex: preload inject on scrolling page)