7
votes

Since iOS 12, Safari blocks my URL from asking for credentials because it's a cross-origin request. Everything worked fine with iOS 11. So I think that all headers are set right.

The console output is:

Blocked *URL* from asking for credentials because it is a cross-origin request.

I can't find anything in the release notes that indicates what may have changed.

https://developer.apple.com/documentation/safari_release_notes/safari_12_release_notes

Does anybody know what Apple changed in Safari 12 to increase the security / block cross-origin requests from asking for credentials?

Thanks for your help!

1
WebKit disallows cross-origin subresources from asking for credentials (trac.webkit.org/changeset/228486/webkit), but it must be possible to fix this... - Godlike

1 Answer

6
votes

Adding crossorigin to the script element should fix this issue according to this answer. Example:

<script src="my-code.js" type="module" crossorigin></script>

See also https://developer.mozilla.org/en-US/docs/Web/HTML/CORS_settings_attributes
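What the `crossorigin` attribute changes about a script request, modelled from the HTML Standard's CORS settings attribute and the Fetch CORS check. This is an added example, not part of the original answer; the function names, origin and header values are constructed for illustration, this is not a browser API, and individual browser versions may differ from the current standards.

```javascript
// Model of how <script crossorigin> selects the request mode and credentials
// mode, and of the CORS check applied to the cross-origin response.
// Hypothetical helper names; sample origins/headers are constructed.

// attr: undefined when the attribute is absent, otherwise its string value.
function scriptFetchSettings(attr, isModule) {
  let state = "anonymous"; // "", "anonymous" and invalid values
  if (attr === undefined) state = "no-cors";
  else if (attr.toLowerCase() === "use-credentials") state = "use-credentials";

  // Classic script without the attribute: no-cors request, credentials sent.
  if (!isModule && state === "no-cors") {
    return { mode: "no-cors", credentials: "include" };
  }
  // Module scripts and any script with crossorigin are fetched in CORS mode.
  return {
    mode: "cors",
    credentials: state === "use-credentials" ? "include" : "same-origin",
  };
}

// Are cookies / HTTP auth attached when the script lives on another origin?
function sendsCredentialsCrossOrigin(settings) {
  return settings.credentials === "include";
}

// CORS check on the response; header names are expected in lowercase.
function corsCheck(pageOrigin, settings, headers) {
  if (settings.mode !== "cors") return true; // opaque response, no header check
  const allowOrigin = headers["access-control-allow-origin"];
  if (allowOrigin === undefined) return false;
  if (settings.credentials !== "include") {
    return allowOrigin === "*" || allowOrigin === pageOrigin;
  }
  // Credentialed requests need the exact origin plus an explicit opt-in.
  return allowOrigin === pageOrigin &&
    headers["access-control-allow-credentials"] === "true";
}

// Constructed sample: the answer's <script type="module" crossorigin>.
const PAGE_ORIGIN = "https://app.example";
const moduleAnon = scriptFetchSettings("", true);
const wildcardOk = corsCheck(PAGE_ORIGIN, moduleAnon,
  { "access-control-allow-origin": "*" });
console.log(moduleAnon, wildcardOk);
```

With `crossorigin="use-credentials"` the server has to echo the page's exact origin and send `Access-Control-Allow-Credentials: true`; a wildcard `Access-Control-Allow-Origin` fails the check.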