If you’ve ever come across a “Script Error” on line 0, you’ve run afoul of the Same Origin Policy. This happens when there’s an error during the first pass of a cross-domain script.
The browser obscures the real error message to close a security vulnerability that can be used to read information from other sites the user may be logged into. Debugging script errors can be tricky because although the developer console contains the correct error message and line number, both
window.onerror and Bugsnag can only show you “Script Error.”
I’ve detailed the fix below, which is to enable CORS on your web-server. But first here’s a summary of when errors are visible.
Browsers disagree on which errors should be obscured, and which should be visible. Firefox takes the view that only SyntaxErrors are a problem, whereas Chrome and Safari take a more conservative view. In those browsers any Error that happens when running the script is also obscured.
Enabling CORS for script tags requires two steps