I'm looking for a way to programmatically detect (using JavaScript) whether a resource load on my page (over which I have full control) was blocked by Cross-Origin Resource Blocking.
For instance, because the response from https://example.com
has Content-Type text/html; charset=UTF-8
, the following HTML code would trigger a CORB error in Chromium-based browsers:
<script src="https://example.com"></script>
But how can I detect that it occurred? Simply adding a handler for the error
event on the script element isn't working; for instance, the following code doesn't open a dialog box:
<script src="https://example.com" onerror="alert('CORB!')"></script>
Note that I'm not interested in fixing the CORB error or inspecting the contents of the CORB error; I'm only interested in detecting programmatically whether a CORB error occurred. Is that even possible?
I'm happy to be proven wrong but, according to what I've read so far, programmatically detecting whether a CORB error occurred is impossible, at least in general.
However, in some cases, you may be able to leak some information cross-origin:
(source: https://xsleaks.dev/docs/attacks/browser-features/corb/)