Your Environment

• flatpickr version used: 4.6.3 and 4.6.13
• Browser name and version: Chrome 109
• OS and version: Windows 11

Recently we've been logging security errors from Flatpickr in Sentry. The issue doesn't appear to be widespread, so far only logged about 20 times, but I have been unable to recreate it and, frankly, I'm baffled.

All of the events logged are from mobile devices, including OS Android 10-12, and iOS 15-16. The events logged so far include both Chrome Mobile 108-109 and Mobile Safari 15-16.

The exception message varies by OS, but I'm guessing it's the same issue. For Android users, the exception is "Failed to read the 'cssRules' property from 'CSSStyleSheet': Cannot access rules". For iOS the exception is, "Not allowed to access cross-origin stylesheet".

We use Flatpickr in two different applications. One implementation calls Flatpickr CSS and JS files from our server, and both resources have the same domain. The other implementation calls Flatpickr resources via CDN. The exception is being logged from both applications, which confuses me even more, since the one implementation has the files hosted on our server (how can there be a cross-origin issue if the files are on the same server and domain?).

The line of code that Sentry has highlighted in the stack track is
{snip} styleSheets.length;n++){var t=document.styleSheets[n];if(t.cssRules){try{t.cssRules}catch(e){continue}e=t;break}}return null!=e?e:(a=documen {snip}

Has anyone else run into this problem?