While implementing some “preconnect” links on a site the other day, I needed to determine whether or not the domains that I wanted to preconnect to needed the crossorigin attribute.
And I was shocked to find that Google was not very helpful…
Searches for things like “how to tell if a resource needs crossorigin” or “devtools resource check crossorigin” returned result-after-result of something like “here’s how to implement crossorigin” or endless articles explaining what CORS is, but all in such engineering-speak that I could make neither heads nor tails of how to check a resource…
What I was looking for was something like:
- Open a page in my browser,
- Click a resource in DevTools,
- Somehow know whether it needs
crossoriginor not…
I finally found my answer, thanks to Andy Davies:
Requests with
sec-fetch-mode: corsis normally a pretty good hint that apreconnectneeds thecrossorigin/crossorigin="anonymous”attribute
Which should look something like this:
And being a very thoughtful and thorough individual, Andy even made sure to clarify that “(empty attribute is the same as anon)”. :-)
So, for anyone else out there that is looking for this answer (including future-me), there it is…
Happy crossorigining,
Atg
[…] How do I know if a resource needs a `crossorigin` attribute or not? (Aaron T. Grogg) […]
Harry Roberts does a more thorough write-up (as you might expect), maybe some additional nuggets for you:
https://csswizardry.com/2023/12/correctly-configure-preconnections/