Currently, using the --subresource-integrity flag adds the attribute crossorigin="anonymous" to all link/script tags. I just opened a ticket with the Microsoft Edge team because they do not handle this correctly on script tags:
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17438887/
This prevents Edge from passing credentials to load scripts even when the script is not cross origin (though it does not present an issue for the links for css).
Is it possible to add an option to configure this in option during build? As far as I can tell there is no way to use crossorigin="use-credentials" or leave the attribute out entirely if you use --subresource-integrity. For now I'll have to remove --subresource-integrity from our builds, but I'd like to add it back if we can specify how to configure the crossorigin attribute (or leave it out).
Currently, using the --subresource-integrity flag adds the attribute crossorigin="anonymous" to all link/script tags. I just opened a ticket with the Microsoft Edge team because they do not handle this correctly on script tags:
https://developer.microsoft.com/en-us/microsoft-edge/platform/issues/17438887/
This prevents Edge from passing credentials to load scripts even when the script is not cross origin (though it does not present an issue for the links for css).
Is it possible to add an option to configure this in option during build? As far as I can tell there is no way to use crossorigin="use-credentials" or leave the attribute out entirely if you use --subresource-integrity. For now I'll have to remove --subresource-integrity from our builds, but I'd like to add it back if we can specify how to configure the crossorigin attribute (or leave it out).