Not sure what to do about this issue? We found 3 matching community solutions that may help.


Posted 2013-11-06 01:22 pmEdited 2013-11-18 05:15 pm

JavaScript "Script error"

Criteria: title matches ^\(unknown\): Script error|^Error:\s+Script error|^Script error.?$

TL;DR version:

Happens when your JS code is hosted on a different domain (i.e. a CDN). To fix, set Access-Control-Allow-Origin: * on the JS file, and crossorigin="anonymous" on the <script> tag.

Full explanation

"Script Error" happens when an uncaught JavaScript error crosses domain boundaries in violation of the cross-origin policy. For example, if you host your JavaScript code on a CDN, any uncaught errors (errors that bubble up to the window.onerror handler, instead of being caught in try-catch) will get reported as simply "Script error" instead of containing useful information. This is a browser security measure intended to prevent passing data across domains that otherwise wouldn't be allowed to communicate. It's implemented in Firefox and Chrome.

To get the real error messages, do the following:

1. Send the Access-Control-Allow-Origin header

Setting the Access-Control-Allow-Origin header to * signifies that the resource can be accessed properly from any domain. You can replace * with your domain if necessary, for example Access-Control-Allow-Origin: However, handling multiple domains gets tricky, and may not be worth the effort if using a CDN due to caching issues that may arise. See more here.

Here are some examples on how to set this header in various environments:


In the folders where your JavaScript files will be served from, create an .htaccess file with the following contents:

Header add Access-Control-Allow-Origin "*"


Add the add_header directive to the location block that serves your JavaScript files:

location ~ ^/assets/ {
    add_header Access-Control-Allow-Origin *;


Add the following to your asset backend where JavaScript files are served from:

rspadd Access-Control-Allow-Origin:\ *

2. Set crossorigin="anonymous" on the script tag

In your HTML source, for each of the scripts that you've set the access-control-allow-origin header for, set crossorigin="anonymous" on the SCRIPT tag.

Make sure you verify that the header is being sent for the script file before adding the crossorigin property on the script tag. In Firefox, if the crossorigin attribute is present but the Access-Control-Allow-Origin header is not, the script won't be executed.



In IIS, you can use the following code in your web.config:

<location path="assets">
                <add name="Access-Control-Allow-Origin" value="*" />

Anyone know how to set solve this issue with node.js? I'm using the express framework


For future reference for others, this is the node.js with express setup

app.use(function(req, res, next) {
  res.header("Access-Control-Allow-Origin", "*");
  res.header("Access-Control-Allow-Headers", "Origin, X-Requested-With, Content-Type, Accept");

More examples for different platforms here -


I think I'm getting this from extension/malware injected JS on my page as well; bear in mind it may be that.


I'm getting tons of these. Some come from youtube player, some from google's APIs, and lots of them come from custom JS scripts injected by various browser plugins people use on their computers.

My advice is: stop worrying about this error and ignore it (by utilizing ignoredMessages option), unless you have access to the the script that throws the errors and you can fix them.


Correct me if I'm wrong, but these seem to be similar/equivalent errors:

  • Error: Unspecified error. reported from IEMobile.
  • TypeError: Script error. reported from Firefox

I had to troubleshoot one of these today, and actually found that we were serving one of our JavaScript files with Content-Type: text/html by accident due to this issue Changing this to proper application/javascript had done wonders for IE. HTH.


Before anyone actually allows all anonymous websites (by using *) to hijack your user's sessions with access to all HTTP APIs available to the user (by specifying /), you should verify that this is the right decision for your webserver in terms of security.


Any idea how to resolve this for externally hosted script files that you have no control over? I added the crossorigin attribute to the script tag but that didnt solve it.

Comments are parsed with Rollbar-flavored Markdown


Posted 2014-10-21 08:29 amEdited 2014-10-21 10:58 am

JS error with checkpoint abine inject.js

Criteria: title matches \(unknown\)\:\ Script\ error\.

The regex criteria for the "title matches" is for a very vague error. What is the exact error? It is literally reported as "unknown." That being said, you need to take a deeper look at where the error is originating from. In this one particular case, it is being thrown here:

File "" line (unknown) in [anonymous]

Doing a quick google search of "checkpoint abine/scripts/inject.js," I was presented with this solution from mozilla:

I did not verify this, but it seems like this is a common issue other people have been experiencing in regards to this particular script and Firefox extension. I paged through six pages of errors and it does seem to be a Firefox-only issue.


Comments are parsed with Rollbar-flavored Markdown


Posted 2017-03-24 12:58 am

Script tag inside html

Criteria: title matches \(unknown\)\:\ Script\ error\.

We found this error to be caused by scripts running directly on html pages (as opposed to in their own files).

Find the page referenced, then move all the JS into files. That won't fix the bug, but it allows it to become visible to rollbar. From there, you should see more specific errors, at which point you can debug properly.


Comments are parsed with Rollbar-flavored Markdown