All tags with an integrity attribute should have "crossorigin="anonymous""

Question

All tags with an integrity attribute should have "crossorigin="anonymous""

ryanbrandenburg opened this issue 6 years ago · comments

Ryan Brandenburg commented 6 years ago

Fixed by #779.

Javier Calvarro Nelson · Answer 1 · Tue Oct 16 2018 05:47:48 GMT+0800 (China Standard Time)

What's the reasoning behind this?

Ryan Brandenburg · Answer 2 · Tue Oct 16 2018 05:49:44 GMT+0800 (China Standard Time)

Without it we get errors like:
Subresource Integrity: The resource 'https://cdnjs.cloudflare.com/ajax/libs/twitter-bootstrap/4.1.3/css/bootstrap.min.css' has an integrity attribute, but the resource requires the request to be CORS enabled to check the integrity, and it is not. The resource has been blocked because the integrity cannot be enforced.