Subject: Inquiry Regarding Subresource Integrity (SRI) Support and CORS Headers
I am writing to inquire about the support for Subresource Integrity (SRI) in your services. Specifically, I would like to know if you provide endpoints or resources to retrieve integrity hashes for your scripts.
In an attempt to implement SRI, I generated hashes locally for your scripts. However, I encountered an issue where the scripts are blocked due to the absence of the appropriate ‘Access-Control-Allow-Origin’ header in the response. This suggests that the necessary CORS headers are not being sent.
Could you please provide guidance on enabling SRI for your scripts and advise on configuring the correct CORS headers to facilitate this?
Hello,
Thank you for reaching out and for your patience.
You are correct that our scripts served through sdk.woosmap.com currently do not include the Access-Control-Allow-Origin header, which is necessary for enabling Subresource Integrity (SRI).
We are working on updating our configuration to include the appropriate CORS headers, specifically the Access-Control-Allow-Origin header.
I will keep you informed as soon as this update is implemented. Thank you for bringing this to our attention, and please feel free to reach out if you have any further questions or concerns.
Could you provide a clear timeline for when the update to include CORS headers will be implemented? This is an important issue for us, and knowing the expected timeframe is essential to ensure proper integration on our side.