Subresource Integrity (SRI) / CORS (crossorigin) for jQuery causing Safari errors
I'm working on webflow.com, which uses jQuery for some basic menu dropdowns. We've noticed that in Safari, Cookiebot can cause the library to fail loading. Sometimes, not always.
<script src="https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.4.1.min.220afd743d.js" type="text/javascript" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous">
The errors:
- [Error] Origin https://x.webflow.io is not allowed by Access-Control-Allow-Origin.
- [Error] Failed to load resource: Origin https://x.webflow.io is not allowed by Access-Control-Allow-Origin. (jquery-3.4.1.min.220afd743d.js, line 0)
- [Error] Cross-origin script load denied by Cross-Origin Resource Sharing policy.
Is there any way to whitelist this script on the Cookiebot side? We can't change the jQuery script tag.
-
Hi Forrest O.
From the above described information I think that this is most likely a security issue caused by the
crossorigin
attribute.
However, I could not see how Cookiebot should have anything to do with this and block jQuery by preventing the script from loading. Could you please send us an example URL where we can see the problem and further in order to find out what might went wrong and help you solve the issue afterwards.
You could post the URL in question here or send it to support@cookiebot.com
Regards,
Spas0 -
Hey! Have you figured this out?
We have the exact same problem with cookiebot blocking this jquery script from being loaded.
The jQuery is automatically loaded by webflow and not something custom.
As soon as I add the cookiebot script, the navigation stops working due to missing jquery0 -
Hi malua
Cookiebot does not prevent from loading or block scripts which does not set cookies on the website, could you please check it any cookies are set when jQuery is automatically loaded by webflow.
However, this is unusual behavior which needs to be investigated. Could you please send us the domain where we can see the problem and inspect it. Any information would be useful in order to detect the issue and find a solution.
Regards,
Spas0 -
malua if you load the script direct via GTM it will work.
Best,
Jacques0
Please sign in to leave a comment.
Comments
4 comments