kindspells/astro-shield

document corner case where cross-origin resources are statically imported instead of just included

Closed · 1 comment

When <script> elements referring to cross-origin resources do not include the type="module" annotation or the integrity attribute, Astro/Vite might decide to create a new module that imports the original resource, instead of leaving the original reference.

This can be problematic because of how the CSP script-src is constructed. While we look for a more permanent and solid workaround, this problem should be properly documented in the documentation site.

This was documented a while ago.
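
A way to find the `<script>` tags that match the corner case described in this issue, as an added example that is not astro-shield's own code. The site origin and sample markup are constructed, and the scanner assumes a tag is worth reporting when either attribute is absent, listing which one, so each tag can be given the attributes or checked against the generated `script-src`.

```javascript
// Added example, not astro-shield code. SITE_ORIGIN and SAMPLE_HTML are constructed.
const SITE_ORIGIN = "https://site.example";
const SAMPLE_HTML = `
<script src="/assets/app.js"></script>
<script src="https://cdn.example.com/widget.js"></script>
<script type="module" src="https://cdn.example.com/mod.js"></script>
<script type="module" src="https://cdn.example.com/pinned.js"
        integrity="sha384-PLACEHOLDER" crossorigin="anonymous"></script>
<script>console.log("inline")</script>
`;

// Matches `name` or `name=value` with a double-quoted, single-quoted or bare value.
const ATTR_RE = /([^\s"'<>\/=]+)(?:\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s"'=<>]+)))?/g;

function parseAttributes(raw) {
  const attrs = new Map();
  for (const m of raw.matchAll(ATTR_RE)) {
    const name = m[1].toLowerCase();
    // As in HTML parsing, the first occurrence of a duplicated attribute wins.
    if (!attrs.has(name)) attrs.set(name, m[2] ?? m[3] ?? m[4] ?? "");
  }
  return attrs;
}

// Returns cross-origin external scripts lacking type="module" and/or integrity.
// Regex-based scan: tags inside HTML comments are reported too.
function findAtRiskScripts(html, siteOrigin) {
  const ownOrigin = new URL(siteOrigin).origin;
  const findings = [];
  const tagRe = /<script\b((?:"[^"]*"|'[^']*'|[^'">])*)>/gi;
  for (const m of html.matchAll(tagRe)) {
    const attrs = parseAttributes(m[1]);
    const src = attrs.get("src");
    if (src === undefined) continue; // inline script, no external reference
    let url;
    try { url = new URL(src, siteOrigin); } catch { continue; }
    if (!/^https?:$/.test(url.protocol)) continue;
    if (url.origin === ownOrigin) continue; // same-origin resource
    const missing = [];
    if ((attrs.get("type") || "").toLowerCase() !== "module") missing.push('type="module"');
    if (!attrs.get("integrity")) missing.push("integrity");
    if (missing.length > 0) findings.push({ src: url.href, missing });
  }
  return findings;
}

console.log(findAtRiskScripts(SAMPLE_HTML, SITE_ORIGIN));
```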