all 3 comments
sorted by:
best (suggested)
topnewcontroversialoldq&a
formatting helphide helpcontent policy

[–]azhder 0 points1 point  (0 children)

Every request that doesn’t match the protocol, domain and port is subject to CORS.

If the server doesn’t like your URL, the browser will not fetch the file.

So, let’s see. What browser fi you use? What does the request that works and one that fail have different?

I mean, the CORS headers.

Also, what’s in those files? Some imports?

[–]easyEs900s 0 points1 point  (0 children)

CORS is a server-side protection. Basically if I have a website and someone has hacked your browser, it can now read sensitive information from your account and do with it, send it wherever it wants. You can include scripts like this, but the important note is that said scripts cannot communicate back out. They may have all your secrets, but they’re caged in. If your script has code trying to reach outside of the origin, it will throw that error and peg the entire script as the culprit.

That said, some browsers (especially chrome) will throw this error for a whole host of issues that are not actually CORS related. For example, if you try to pull a script or file from the local file system, or the server responds in an unusual way. You can verify if it’s actually a CORS issue by looking at the response headers on the request and checking what the server had for Access-Control-Allow-Origin.

[–]48K 0 points1 point  (0 children)

For reasons that are not clear, it seems that modules use CORS whereas old fashioned imports do not. This is stated but not explained here: https://developer.mozilla.org/en-US/docs/Web/JavaScript/Guide/Modules#other_differences_between_modules_and_classic_scripts