Throwing errors in module code breaks AMD loaders

[semmel]

I load db.js as AMD module with RequireJS.
When a module throws an exception in it's module definition code the whole module loader breaks.
It occurs in this line:

var indexedDB = local.indexedDB || local.webkitIndexedDB || local.mozIndexedDB || local.oIndexedDB || local.msIndexedDB || local.shimIndexedDB || function () {
        throw new Error('IndexedDB required');
    }();

on Firefox if you disable third-party cookies in the settings and access indexedDB from a cross-origin iframe (i.e. simply load db.js via require(['db'], function(db){});. It will throw a SecurityError with code == 18.

I managed to hack around this, but it would be great if the exception would occur not till I actually access the db.js methods.

By the way, great api for IndexedDB. Small, concise and with Promises 👏

[aaronpowell]

Can you post a jsbin reproducing the error? I'll admit to not having used the AMD stuff in a long time, I stick with ES6 modules and transpile with the likes of babel

[semmel]

Here the jsbin.
It just embeds a X-origin iframe which loads db.js and underscore as AMD modules:

require(['db', 'underscore'], function(db, _){
  log("Underscore " + _.VERSION);  // Hello underscore!
  /// Hello db.js!
  db.open({
    server: 'my-app',
    version: 1,
    schema: {
        people: {
            key: {keyPath: 'id', autoIncrement: true},
        }
    }
}).then(function (server) {
    db = server.getIndexedDB();
    log(JSON.stringify(db.objectStoreNames));
    server.close();
});
});

The point is, that on Firefox, with third-party cookies disabled, even the first line log("Underscore " + _.VERSION); never gets executed. Thus the complete app does not run. I guess this is because the AMD loader quits on the SecurityError 18 already during setup of db.js.

On Chrome , with third-party cookies disabled, it is fine: The exception is raised not till db.js is invoked in the lines thereafter. This is because the Chrome team decided to report the security error in the onerror handler of the IndexedDB request instead.

When the browsers are configured to permit third-party cookies the output in the iframe reads

Underscore 1.8.3{"0":"people"}

Disabling cross-domain third-party cookies really helps to protect against user tracking, without sacrificing functionality of web apps. With raising awareness about privacy I guess that is not a rare browser setting.