Link to the code that reproduces this issue
https://codesandbox.io/p/devbox/jovial-ioana-7gr8qk
To Reproduce
Noticed the following warning coming from Chrome dev tools. We serve assets on a different domain from the Next.js server (assetPrefix: '...' and crossOrigin: 'anonymous' set in next.config.js).
Tracked this down to automatically injected preloads for next/dynamic imports, here:
This does not seem to respect the crossOrigin setting in the Next config.
For the reproduction, CodeSandbox serves assets on the same domain, but you can inspect the HTML for the injected preload link for the LazyComponent chunk and see that it doesn't have the crossorigin attribute:
Current vs. Expected behavior
Would expect the ReactDOM preload call to use the crossOrigin setting from the Next config.
Provide environment information
Operating System:
Platform: darwin
Arch: arm64
Version: Darwin Kernel Version 24.6.0: Mon Jan 19 22:01:13 PST 2026; root:xnu-11417.140.69.708.3~1/RELEASE_ARM64_T8122
Available memory (MB): 16384
Available CPU cores: 8
Binaries:
Node: 24.12.0
npm: 11.6.2
Yarn: 4.12.0
pnpm: N/A
Relevant Packages:
next: 16.2.3
eslint-config-next: N/A
react: N/A
react-dom: N/A
typescript: N/A
Next.js Config:
output: N/A
Which area(s) are affected? (Select all that apply)
Lazy Loading
Which stage(s) are affected? (Select all that apply)
Other (Deployed)
Additional context
I edited the dist file locally in node_modules to pass crossOrigin to this preload call and saw that the links then had the crossorigin attribute. https://github.com/vercel/next.js/blob/canary/packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx#L65
Link to the code that reproduces this issue
https://codesandbox.io/p/devbox/jovial-ioana-7gr8qk
To Reproduce
Noticed the following warning coming from Chrome dev tools. We serve assets on a different domain from the Next.js server (
assetPrefix: '...'andcrossOrigin: 'anonymous'set innext.config.js).Tracked this down to automatically injected preloads for next/dynamic imports, here:
next.js/packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx
Line 65 in 50847af
This does not seem to respect the
crossOriginsetting in the Next config.For the reproduction, CodeSandbox serves assets on the same domain, but you can inspect the HTML for the injected preload link for the
LazyComponentchunk and see that it doesn't have thecrossoriginattribute:Current vs. Expected behavior
Would expect the ReactDOM
preloadcall to use thecrossOriginsetting from the Next config.Provide environment information
Operating System: Platform: darwin Arch: arm64 Version: Darwin Kernel Version 24.6.0: Mon Jan 19 22:01:13 PST 2026; root:xnu-11417.140.69.708.3~1/RELEASE_ARM64_T8122 Available memory (MB): 16384 Available CPU cores: 8 Binaries: Node: 24.12.0 npm: 11.6.2 Yarn: 4.12.0 pnpm: N/A Relevant Packages: next: 16.2.3 eslint-config-next: N/A react: N/A react-dom: N/A typescript: N/A Next.js Config: output: N/AWhich area(s) are affected? (Select all that apply)
Lazy Loading
Which stage(s) are affected? (Select all that apply)
Other (Deployed)
Additional context
I edited the dist file locally in
node_modulesto passcrossOriginto thispreloadcall and saw that the links then had thecrossoriginattribute. https://github.com/vercel/next.js/blob/canary/packages/next/src/shared/lib/lazy-dynamic/preload-chunks.tsx#L65