On websites where cross-origin-embedder-policy is set to require-corp (MDN ref), it should be possible to add attribute crossorigin to the DAP script tag to ensure the response satisfies the policy. For example,
<script id="_fed_an_ua_tag" async crossorigin="" src="https://dap.digitalgov.gov/Universal-Federated-Analytics-Min.js?agency=DOT"></script>
While this works for Universal-Federated-Analytics-Min.js, dynamically added script https://dap.digitalgov.gov/web-vitals/dist/web-vitals.attribution.iife.js does not include this attribute, nor does its response include any CORS headers, and so it is blocked from loading:
On websites where
cross-origin-embedder-policyis set torequire-corp(MDN ref), it should be possible to add attributecrossoriginto the DAP script tag to ensure the response satisfies the policy. For example,While this works for
Universal-Federated-Analytics-Min.js, dynamically added scripthttps://dap.digitalgov.gov/web-vitals/dist/web-vitals.attribution.iife.jsdoes not include this attribute, nor does its response include any CORS headers, and so it is blocked from loading: