[Bug Report] Safari does not send cookie for .js file request, causing full breakage

[p0358]

Describe the bug On my (a bit older) Safari, after logging in the page is blank. The problem is that the JS file isn't loaded, as the cookies for the session aren't sent with the request, so the request is redirected back to login page. The CSS loads successfully.

To Reproduce

1. Have older Safari (like 13.x?)
2. Open Stash page and login
3. See blank page

Expected behavior It should just work.

Stash Version: (from Settings -> About): v0.16.0

Smartphone (please complete the following information):

• Device: [e.g. iPhone6] iPhone6SPlus
• OS: [e.g. iOS8.1] iOS13.5
• Browser [e.g. stock browser, safari] safari
• Version [e.g. 22] 13.5

Additional context So the problem is that:

<script type="module" crossorigin src="assets/index.81a23859.js"></script>

is used. Apparently changing this to crossorigin="use-credentials" seems to fix this issue, for example by executing this into devtools:

var script = document.createElement("script");
script.type = "module";
script.crossOrigin = "use-credentials";
script.src = "assets/index.81a23859.js";
document.head.appendChild(script);

Then everything works as expected. So I see two solutions:

• either somehow make the main html include crossorigin="use-credentials" rather than just crossorigin
• or make assets/ JS and CSS accessible without session cookies

Since the JS import is inserted by vite and it's possibly an upstream bug that's require trickery to fix it locally, I'd personally propose the latter solution, what's the point of authenticating assets directory if the app and its source code is publicly known anyways after all?