Capturing cross-domain script errors

BugSnag ignores cross domain script errors by default, because they contain no useful information. You can fix this by loading your script using CORS.

Overview

  1. Add the CORS header to your web-server.

    Access-Control-Allow-Origin: *
    
  2. Add the crossorigin attribute to your script tag.

    <script src="//cdn.example.com/site.js" crossorigin></script>
    

For more information, see our blog post.

Webserver instructions

nginx

  1. Use the following configuration snippet. Replace /assets/by the path that contains your javascript.

    location /assets/ {
      add_header 'Access-Control-Allow-Origin: *';
    }
    

Amazon S3

  1. Log into the S3 Console
  2. Open your bucket
  3. Click “Properties” in the top right.
  4. Under “Permissions” click “Add CORS Configuration”.
  5. Use the following policy

    <?xml version="1.0" encoding="UTF-8"?>
    <CORSConfiguration xmlns="http://s3.amazonaws.com/doc/2006-03-01/">
        <CORSRule>
            <AllowedOrigin>*</AllowedOrigin>
            <AllowedMethod>GET</AllowedMethod>
            <MaxAgeSeconds>1209600</MaxAgeSeconds>
        </CORSRule>
    </CORSConfiguration>
    

Amazon Cloudfront

  1. In Cloudfront, under Distribution Settings, Behaviors, click “Create Behavior”.
  2. Set the “Path Pattern” to *
  3. Under “Forward Headers” select “Whitelist” and add “Origin” to the whitelist.
  4. Save the behavior.

Known Issues

There is currently a Safari bug where cross-domain script errors are not captured. Currently enabling CORS capture as suggested above will have no effect when using Safari.