Issue Station
Sign In
Tools hereToolbox

nextjs - ✅(Solved) Fix next/dynamic preloads missing crossOrigin setting [3 pull requests, 1 participants]

Official PRs (…)
ON THIS PAGE

Recommended Tools

×6

Utilities matched from this issue’s tags and category — try them while you read without losing context.

GitHub issue graph ai analysis

Paste a GitHub issue URL. We fetch that issue, discover linked issues from bodies/comments/timeline, collect linked pull requests, and produce a structured English report.

The report is written in English Markdown for sharing and archival.

Helpful · Quick feedback

Loading…
GitHub stats
vercel/next.js#92797Fetched 2026-04-16 06:34:35
View on GitHub
Comments
0
Participants
1
Timeline
2
Reactions
1
Author
wvanrensselaerwvanrensselaer
Participants
wvanrensselaerwvanrensselaer
Timeline (top)
issue_type_added ×1labeled ×1

PR fix notes

PR #92874: Add crossOrigin config attribute to preloads in next/dynamic

Description (problem / solution / changelog)

Fixes #92797

Tests added.

One thing to keep in mind while looking into this is that crossorigin="anonymous" and crossorigin="" are actually the same, see https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Attributes/crossorigin#sect

I found that react preload, during dev builds, coerces cross origin from anonymous to the empty string, see getCrossOriginStrings. However, this would not happen during tests for reasons I'm unsure of.

Changed files

  • packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx (modified, +5/-1)
  • test/development/basic/next-dynamic/next-dynamic-cross-origin.test.ts (added, +73/-0)

PR #92904: fix(lazy-dynamic): pass crossOrigin to preload call for next/dynamic chunks

Description (problem / solution / changelog)

Summary

When assetPrefix and crossOrigin are configured in next.config.js, the ReactDOM.preload() call for next/dynamic scripts was missing the crossOrigin option, causing CORS warnings in Chrome when assets are served from a different domain.

Fix

Use process.env.__NEXT_CROSS_ORIGIN (the same env variable used by the client-side route-loader) to pass the configured crossOrigin value to preload(), consistent with how other parts of Next.js handle this.

Fixes #92797

Changed files

  • packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx (modified, +2/-0)

PR #92913: fix(lazy-dynamic): pass crossOrigin to preload call for next/dynamic chunks

Description (problem / solution / changelog)

Summary

When assetPrefix and crossOrigin are configured in next.config.js, the ReactDOM.preload() call for next/dynamic scripts was missing the crossOrigin option, causing CORS warnings in Chrome when assets are served from a different domain.

Fix

Use process.env.__NEXT_CROSS_ORIGIN (the same env variable used by the client-side route-loader) to pass the configured crossOrigin value to preload(), consistent with how other parts of Next.js handle this.

Fixes #92797

Test plan

  • Configure assetPrefix and crossOrigin in next.config.js
  • Use next/dynamic to lazy-load a component
  • Verify no CORS warnings appear in Chrome DevTools
<!-- NEXT_JS_LLM_PR -->

Changed files

  • packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx (modified, +1/-0)

Code Example

Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 24.6.0: Mon Jan 19 22:01:13 PST 2026; root:xnu-11417.140.69.708.3~1/RELEASE_ARM64_T8122
  Available memory (MB): 16384
  Available CPU cores: 8
Binaries:
  Node: 24.12.0
  npm: 11.6.2
  Yarn: 4.12.0
  pnpm: N/A
Relevant Packages:
  next: 16.2.3
  eslint-config-next: N/A
  react: N/A
  react-dom: N/A
  typescript: N/A
Next.js Config:
  output: N/A
RAW_BUFFERClick to expand / collapse

Link to the code that reproduces this issue

https://codesandbox.io/p/devbox/jovial-ioana-7gr8qk

To Reproduce

Noticed the following warning coming from Chrome dev tools. We serve assets on a different domain from the Next.js server (assetPrefix: '...' and crossOrigin: 'anonymous' set in next.config.js).

<img width="626" height="62" alt="Image" src="https://github.com/user-attachments/assets/8c3e3aa9-26fb-476e-b797-038a1cefd753" />

Tracked this down to automatically injected preloads for next/dynamic imports, here: https://github.com/vercel/next.js/blob/50847afec4e3e0e71ac655afa02edc8340b669dc/packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx#L65

This does not seem to respect the crossOrigin setting in the Next config.

For the reproduction, CodeSandbox serves assets on the same domain, but you can inspect the HTML for the injected preload link for the LazyComponent chunk and see that it doesn't have the crossorigin attribute:

<img width="254" height="63" alt="Image" src="https://github.com/user-attachments/assets/fc4cd658-e4fe-4d82-8109-7fc6ea32641c" />

Current vs. Expected behavior

Would expect the ReactDOM preload call to use the crossOrigin setting from the Next config.

Provide environment information

Operating System:
  Platform: darwin
  Arch: arm64
  Version: Darwin Kernel Version 24.6.0: Mon Jan 19 22:01:13 PST 2026; root:xnu-11417.140.69.708.3~1/RELEASE_ARM64_T8122
  Available memory (MB): 16384
  Available CPU cores: 8
Binaries:
  Node: 24.12.0
  npm: 11.6.2
  Yarn: 4.12.0
  pnpm: N/A
Relevant Packages:
  next: 16.2.3
  eslint-config-next: N/A
  react: N/A
  react-dom: N/A
  typescript: N/A
Next.js Config:
  output: N/A

Which area(s) are affected? (Select all that apply)

Lazy Loading

Which stage(s) are affected? (Select all that apply)

Other (Deployed)

Additional context

I edited the dist file locally in node_modules to pass crossOrigin to this preload call and saw that the links then had the crossorigin attribute. https://github.com/vercel/next.js/blob/canary/packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx#L65

extent analysis

TL;DR

  • The issue can be fixed by modifying the preload-chunks.tsx file to respect the crossOrigin setting from the Next config.

Guidance

  • Verify that the crossOrigin setting is correctly configured in next.config.js to ensure it is set to 'anonymous'.
  • Check the preload-chunks.tsx file to see if the crossOrigin attribute is being passed to the preload call.
  • Consider editing the preload-chunks.tsx file locally to pass crossOrigin to the preload call as a temporary workaround.
  • Review the Next.js documentation to see if there are any existing issues or pull requests related to this problem.

Example

  • The modified preload-chunks.tsx file could look like this:
// ...
link.rel = 'preload';
link.as = 'script';
link.href = url;
if (crossOrigin) {
  link.crossorigin = crossOrigin;
}
// ...

Notes

  • This fix assumes that the issue is caused by the preload-chunks.tsx file not respecting the crossOrigin setting.
  • The temporary workaround of editing the preload-chunks.tsx file locally may not be suitable for production environments.

Recommendation

  • Apply workaround: Modify the preload-chunks.tsx file to pass crossOrigin to the preload call, as this is a targeted fix for the identified issue.

Vote matrix · Quick signals

Works
Did the solution work? Tap to confirm.
Easy Fix
Was it a quick fix?
Time Saver
Did it save you time?
Blocking
Was it severely blocking?
Common Issue
Are others likely hitting this too?
Flaky / Intermittent
Is it intermittent?
Verified / Reproducible
Can you reproduce it reliably?
Loading…
#retriever error#indexing error#inference speed#output truncation#response parsing

Still need to ship something?

×6

Another batch ranked right after the header list — different links, same matching logic.

Back to top recommendations

TRENDING