Documentation navigation


CDN hosted assets

Your app's assets are hosted on a CDN and you see the following warning message in the browser's web console:

Cross-domain or eval script error detected, error ignored

This is normal browser behaviour and is a consequence of the Same-Origin Policy, a security measure designed to protect your users from Cross-Site Request Forgery (CSRF) attacks. Luckily, this is a fairly easy problem to remedy.

First, on your CDN, add a cross-origin (CORS) header:

Access-Control-Allow-Origin: *

In your app, make sure the crossorigin attribute is present in all your JavaScript tags.

<script type="text/javascript" src="//" crossorigin="anonymous">

Or if you are using a Rails helper:

<%= javascript_include_tag "application", :crossorigin => :anonymous %>

We'd like to set cookies, read why.