Winter ’21 - "Enable Secure Static Resources for Lightning Components" causes a CORS issue for static resources loaded from an aura component
API , Platform , Lightning , Winter 21
Last updated 2020-11-19 ·Reference W-8267201 ·Reported By 111 users
Summary
Enabling Release Update "Enable Secure Static Resources for Lightning Components" causes a CORS issue for static resources loaded from an aura component
Repro
Steps to repro
In a Winter 21 org (Org A):
Create a simple js static resource that prints a string to the console
Add it to a managed package and upload
In a Winter 21 org (Org B):
Install the managed package
Create a lightning component with the static resource from the package
<aura:component implements="force:appHostable,flexipage:availableForAllPageTypes" access="global" >
<ltng:require scripts="{!$Resource.namespace__resourcename}" afterScriptsLoaded="{!c.scriptsLoaded}" />
<aura:attribute name="feedName" type="String"/>
</aura:component>
3. Add the component to a lightning component tab
4. Open the browser console and open the new tab. The tab should open and the resource loaded.
5. Turn on the CRUC, Enable Secure Static Resources for Lightning Components from release updates setup page. (Its not auto-enabled until Spring 21)
6. If we open the tab now we'll see a CORS error.
Workaround
None
Reported By (111)



















Is it Fixed?
Any unreleased services, features, statuses, or dates referenced in this or other public statements are not currently available and may not be delivered on time or at all. Customers who purchase our services should make their purchase decisions based upon features that are currently available.