SnipWire
SnipWire copied to clipboard
“https://code.jquery.com/jquery-3.3.1.min.js” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin
Describe the bug
After installing SnipWire, I get this error in the dev console on the frontend:
“https://code.jquery.com/jquery-3.3.1.min.js” is not eligible for integrity checks since it’s neither CORS-enabled nor same-origin
To Reproduce Steps to reproduce the behavior:
- install SnipWire
- open Frontpage
- open dev console and watch for errors
Expected behavior jQuery loads from CDN without problems
Setup/Environment Include relevant details about your environment setup.
- ProcessWire version: 3.0.175
- (Optional) PHP version: 7.4
- (Optional) MySQL version: 5.7.35
- (Optional) Any 3rd party modules that are installed and could be related to the issue: not relevant
Proposed Solution
Add the crossorigin="anonymous"
attribute to the script tag which loads jQuery from CDN. The script tag should read:
<script src="https://code.jquery.com/jquery-3.3.1.min.js" integrity="sha256-FgpCb/KJQlLNfOu91ta32o/NMZxltwRo8QtmkMRdAu8=" crossorigin="anonymous"></script>
I have done this by changing https://github.com/gadgetto/SnipWire/blob/d13d46e2455cd9e1e228ed79cdf90e0c77ac8fe1/MarkupSnipWire/MarkupSnipWire.module.php#L207 to:
$out .= (!empty($snipwireConfig->jquery_js_integrity) ? ' integrity="' . $snipwireConfig->jquery_js_integrity . '" crossorigin="anonymous"' : '');
Thank you for this great module!
Thanks! I'll be fixing this with next version.