Is it possible to use SRI for the recurly.js cdn?
Question
Can the recurly.js be used with SRI integrity ?
I noticed this issue, which closed noting that integrity hashes are included on release notes, which they are . Yet when I tried to test this out on codepen:
<script src="https://js.recurly.com/v3/recurly.js" integrity="sha256-3892b173d276d2ec8b087d6abe3bfee2"></script>
I receive this error in the javascript console:
Subresource Integrity: The resource ' https://js.recurly.com/v3/recurly.js ' has an integrity attribute, but the resource requires the request to be CORS enabled to check the integrity, and it is not. The resource has been blocked because the integrity cannot be enforced.
Am I missing something or did Recurly not enable CORS on that endpoint?
1 answers
solution1
0 2018-02-20 21:30:25
Recurly provides CORS support as of rjs v3.0.9 ( https://github.com/recurly/recurly-js/blob/master/CHANGELOG.md#version-309-november-12-2014 ).
This example is for 3.0.9, but it likely applies on all subsequent releases too. https://github.com/recurly/recurly-js/tree/v3.1.1#beta-features
recurly.configure({ publicKey: 'YOUR PUBLIC KEY', cors: true });
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.