From a396a4e6664505dde33ff2f8d47448518314b545 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Tor=20Arne=20Vestb=C3=B8?= Date: Mon, 10 Jun 2019 22:41:59 +0200 Subject: [PATCH 01/12] Pass credentials (cookies e.g.) when loading JavaScript assets (#3259) The behavior of 'crossorigin' without a value is the same as anonymous, which means user credentials such as cookies, client-side SSL certificates or HTTP authentication will not be passed on. We want the preload links to work even when they are behind a proxy that requires an authentication cookie, such as Cloudflare Access (CF_Authorization), so we need to explicitly send credentials with the "use-credentials" value. ES modules are always fetched with CORS, with anonymous being the default. Some browsers (Chromium) will realize that the request is to the same origin, and send credentials anyways, while others (Safari) will not, so we need to explicitly send credentials to make sure they load in all cases. See https://jakearchibald.com/2017/es-modules-in-browsers/ --- src/html/authorize.html.template | 4 ++-- src/html/index.html.template | 4 ++-- src/html/onboarding.html.template | 4 ++-- 3 files changed, 6 insertions(+), 6 deletions(-) diff --git a/src/html/authorize.html.template b/src/html/authorize.html.template index 7adeebd2cc..6833ede06e 100644 --- a/src/html/authorize.html.template +++ b/src/html/authorize.html.template @@ -2,7 +2,7 @@ Home Assistant - + -
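Review bot: The changed lines in the `@@ -2,7 +2,7 @@` hunk of src/html/authorize.html.template carry no comment saying that the credentials mode is deliberate, so a later cleanup could shorten `crossorigin="use-credentials"` back to a bare `crossorigin` and silently break loading behind an authenticating proxy again. I suggest a short template comment next to those tags stating why the value is needed and that the referenced assets must stay same-origin. With `use-credentials`, a cross-origin asset host would receive the user's cookies, and the load would only succeed if that host answered with `Access-Control-Allow-Credentials: true` and a non-wildcard `Access-Control-Allow-Origin`. The same point applies to the matching changes in src/html/index.html.template and src/html/onboarding.html.template listed in the diffstat.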