
WordPress 5.4.2: mangled URLs for WordPress core style sheets

Open raph-topo opened this issue 5 years ago • 3 comments

With WordPress 5.4.2, in Firefox 78+ (and a few versions earlier), CommonWP produces a mangled URL for WordPress core style sheets on /wp-login.php:

The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css'%20integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php

The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/forms.min.css'%20integrity='sha384-lhiSdgN9OLKjBPHBIYNc7csFRPJPqbivOhWbjOz0mBJP35zTt0YCxM24Au1XGcsK'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php

The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-includes/css/buttons.min.css'%20integrity='sha384-z6xPsQva+EzntCABrR1YgFh5ccgnZmWVjuvqiHoSCNepCkYFwEQOgQcB7itJ+hNU'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php

The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/login.min.css'%20integrity='sha384-9BVAKbXTVeVOgWabhmO/eJ3F63twpLNx7PX2mTIUdaXfbSp9hAoRa6UoRl4zMHzX'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php

The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-includes/css/dashicons.min.css'%20integrity='sha384-7C8ocYrcXKR1loNXUOAHzjPE8vNG8p3JYegoiFGi4iky0Z7lBk0PHtW4mBKFRMHq'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php

Indeed, e.g. https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css'%20integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H'%20crossorigin='anonymous returns:

Package size exceeded the configured limit of 50 MB. Try https://github.com/wordpress/wordpress/tree/5.4.2/wp-admin/css/l10n.min.css' integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H' crossorigin='anonymous instead.

whereas https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css returns the proper style sheet.

Disabling CommonWP resolves the issue.

raph-topo avatar Jul 15 '20 22:07 raph-topo

This is an encoding issue somewhere. The link is only https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css

The '%20integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H'%20crossorigin='anonymous parts are additional <rel> attributes, not part of the URL.

MartinKolarik avatar Jul 25 '20 20:07 MartinKolarik

Yes indeed. How can I proceed towards fixing the issue? Do you know what could cause this or where I could start looking?

raph-topo avatar Aug 07 '20 16:08 raph-topo

@MartinKolarik Any ideas, please?

raph-topo avatar Sep 03 '20 15:09 raph-topo
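
A check for the symptom reported in this thread, as an added example that is not part of the original issue or CommonWP's code: it scans rendered markup for `<link>`/`<script>` tags whose URL has absorbed `integrity`/`crossorigin`, in which case the tag carries no real `integrity` attribute for the browser to enforce. The sample markup, host and hash are constructed, and the double-quote/single-quote mismatch in it is an assumed way such a URL can arise, not a confirmed cause.

```python
import re
from html.parser import HTMLParser
from urllib.parse import unquote

# Attributes that belong on the tag itself, never inside the URL value.
LEAK = re.compile(r"""['"]?\s+(integrity|crossorigin)\s*=""", re.I)


class MangledUrlAudit(HTMLParser):
    """Collect <link>/<script> tags whose URL swallowed SRI attributes."""

    def __init__(self):
        super().__init__()
        self.findings = []

    def handle_starttag(self, tag, attrs):
        if tag not in ("link", "script"):
            return
        attrs = dict(attrs)
        url = attrs.get("href" if tag == "link" else "src")
        if not url:
            return
        decoded = unquote(url)  # also catches the %20-encoded form
        leaked = [m.group(1).lower() for m in LEAK.finditer(decoded)]
        if leaked:
            self.findings.append({
                "tag": tag,
                "intended_url": LEAK.split(decoded, maxsplit=1)[0],
                "leaked": leaked,
                # True only if the tag still has a real integrity attribute
                "sri_enforced": bool(attrs.get("integrity")),
            })


def audit(html):
    parser = MangledUrlAudit()
    parser.feed(html)
    parser.close()
    return parser.findings


# Constructed sample: the first tag is mangled, the second is well-formed.
SAMPLE = """
<link rel="stylesheet" href="https://cdn.example.test/css/login.min.css' integrity='sha384-PLACEHOLDER' crossorigin='anonymous" media="all">
<link rel='stylesheet' href='https://cdn.example.test/css/forms.min.css' integrity='sha384-PLACEHOLDER' crossorigin='anonymous'>
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

Run it against the saved source of `/wp-login.php` with the plugin enabled; any finding with `sri_enforced` set to `False` is a tag where the CDN resource would load without a hash check if the request had succeeded.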