close
Guide
Config
Plugin
API
Community
Guide
Config
Plugin
API
Community

html.crossorigin

  • Type: boolean | 'anonymous' | 'use-credentials'
  • Default: false

Set the crossorigin attribute of the <script> and <style> tags.

  • If true is passed, it will automatically be set to crossorigin="anonymous".
  • If false is passed, it will not set the crossorigin attr.

Example

export default {
  html: {
    crossorigin: 'anonymous',
  },
  output: {
    assetPrefix: 'https://example.com',
  },
};

After compilation, the <script> tag in HTML becomes:

<script
  defer
  src="https://example.com/static/js/main.js"
  crossorigin="anonymous"
></script>

The <style> tag becomes:

<link
  href="https://example.com/static/css/main.css"
  rel="stylesheet"
  crossorigin="anonymous"
/>
TIP

If the domain of static assets is the same as the current page, Rsbuild will not add the crossorigin="anonymous" attribute, as this attribute is not required for non-cross-domain scenario.

Optional Values

crossorigin can the set to the following values:

  • anonymous: Request uses CORS headers and credentials flag is set to 'same-origin'. There is no exchange of user credentials via cookies, client-side SSL certificates or HTTP authentication, unless destination is the same origin.
  • use-credentials: Request uses CORS headers, credentials flag is set to 'include' and user credentials are always included.