It’s just a javascript file. It’s not making cross-origin requests. It doesn’t make any XMLHTTPRequest calls. The presence or lack of an “Access-Control-Allow-Origin” header in that context is completely irrelevant if it’s not making any cross-site requests. It won’t improve or degrade performance in any way to have it present or not, when it’s not doing anything that would be affected by that header.
Specifically, that file adjusts sizing on certain types of images to make them more friendly with high-dpi screens. Since it’s just modifying the DOM and not making any external requests, it really doesn’t matter what the headers are for it.
Thanks for the info and context, Samuel. Super helpful. The reason I ask is because if it were loaded asynchronously (e.g. via script loader) and deferred until the page readyState === 'interactive'
the script could be preloaded as the DOM starts streaming in and parsing, rather than waiting.
Async loading would have the benefit of removing the blocking request to an external resource currently being made and improve UX by eliminating a SPOF (in the Steve Souders sense of the word) for all JetPack users.
-
This reply was modified 6 years, 10 months ago by Josh Habdas.
Given this issue was resolved without a solution to the problem presented I’ll look for a workaround. I’m thinking an iFrame embed to circumvent the SOP is going to be the best approach for external resources not providing CORS headers. Kind of like how embeds work in Core. Thanks again for your help.