The HTML <script> crossorigin Attribute is used for loading an external script into their domain from a third party server or another domain with the support of HTTP CORS Request. This attribute is used to protect sensitive information from the third party when fetching out the results.
Cross-Origin Resource Sharing(CORS) is a tool that allows web pages requesting for resources from another domain that is outside of their own domain. It is also used for managing cross-origin requests which is a request for a resource from an outside domain.
Syntax:
<script crossorigin="anonymous | use-credentials">
Attribute Values:
- anonymous: It has a default value. It defines a CORS request will be sent without passing the credentials information.
- use-credentials: A cross-origin request will be sent with credentials, cookies, and certificate.
Note: This attribute is only valid for use if we try to fetch the resources from the third party domain.
Example: Below code illustrates the use of crossorigin attribute with the <script> element.
HTML
<!DOCTYPE html>
<html>
<head>
<title>HTML script crossorigin Attribute</title>
</head>
<body style="text-align: center">
<h1>GeeksForGeeks</h1>
<h2>HTML script crossorigin Attribute</h2>
<br />
<button>Submit</button>
<script type="text/javascript"
src="my_script.js" crossorigin="anonymous">
</script>
</body>
</html>
|
Output:
Supported Browsers:
- Google Chrome 30.0 and above
- Internet Explorer not supported
- Firefox 13.0 and above
- Microsoft Edge 18.0 and above
- Opera 12.0 and above
- Safari