"Script Error." error possibly originated from NR Browser agent

At least for a last two months we are observing many JavaScript errors with a message “Script error.” and no additional details. Currently we have more than 2.25M per 24hrs of this error and it is really annoying since it is error number one.

After some investigation we are suspecting that this error is originated from New Relic agent and it is because of the next:

Can you review please the CORS configuration of the bam-cell.nr-data.net or maybe make a POST without credentials?


@oleh.burkhay Hey there! Thanks for the questions on seeing a lot of errors being grouped under the generic “Script Error”. I have some guidance here on what that means and how to resolve this.

I’m sharing documentation below that details reasons for the generic script errors and why no stack trace is available to the agent to detect.

JavaScript errors page: Detect and analyze errors | New Relic Documentation

If you click that link to the documentation from your screenshot, I believe it links to the suggestion on enabling CORs, please see link below here.

Third-party JS errors missing stack traces | New Relic Documentation

I hope that points you in the right direction, though let us know if you need anything else. Thank you,

Hi @cfrankenfield, thank you for your suggestions.

But the problem is that the some of the New Relic’s endpoints does not have the correct CORS configuration, when NR want to realize a POST to bam-cell.nr-data.net with credentials include it fails with the error indicated above: The value of the ‘Access-Control-Allow-Origin’ header in the response must not be wildcard ‘*’ when the request’s credentials is 'include’

@oleh.burkhay Thank you for clarifying here. Our documentation suggests using “Access-Control-Allow-Origin: YOUR_DOMAIN” and not a wildcard. That is likely why you are seeing an error message.

I’d suggest changing these settings to match the documentation and please find a few other docs that have more information about CORS:


1 Like

Dear @cfrankenfield, we have the New Relic’s browser agent script loaded on some of our domains, just for example www.mercadopago.com.br as it is already figured on the screenshots provided above.
After some instrumentation this script trying to send some data via POST to bam-cell.nr-data.net, this domain is your. The New Relic’s domain bam-cell.nr-data.net time after time responds with Access-Control-Allow-Origin: * header rejecting the request initiated by New Relic agent as you can see also on the screenshots above.
So you suggesting me to change these settings for domain bam-cell.nr-data.net since, as indicated in documentation provided by you, the response should send the right Access-Control-Allow-Origin header, is it correct? How can I change CORS settings on the New Relic side?

@oleh.burkhay Thanks for the response. I navigated to www.mercadopago.com.br but wasn’t able to replicate the error or see it in the console. Do you have a page that you know you see this CORS message appearing on consistently?

I checked your New Relic account and browser application that is running on the above domain and I do not see any JavaScript Errors reporting as it looks like you might be running the Lite agent. I just wanted to clarify that we are looking at the correct apps as well as I don’t see evidence of “Script error". Did you maybe change the instrumentation to Lite from Pro (or Pro+SPA) recently? (I’m looking at prod.home-landing.)

The endpoint /resources/1 that you are seeing in your stack trace is our Session traces endpoint and at certain intervals our agent will send up that data to your account. You are seeing this in the stack trace because our agent wraps the browser’s built-in APIs to monitor and report on data.

While I can’t advise on how to set up your CORS policy, the documentation below should help link to resources that can. From the docs: Due to possible security concerns, we recommend research before implementing any changes that impact the security of your application or resources. The optimal CORS implementation will depend on the systems you are using and your security considerations.



1 Like