Subresource Integrity (SRI) / CORS (crossorigin) for jQuery causing Safari errors

Follow
Avatar
Forrest O.

I'm working on webflow.com, which uses jQuery for some basic menu dropdowns. We've noticed that in Safari, Cookiebot can cause the library to fail loading. Sometimes, not always.

<script src="https://d3e54v103j8qbb.cloudfront.net/js/jquery-3.4.1.min.220afd743d.js" type="text/javascript" integrity="sha256-CSXorXvZcTkaix6Yvo6HppcZGetbYMGWSFlBw8HfCJo=" crossorigin="anonymous">

The errors:

  • [Error] Origin https://x.webflow.io is not allowed by Access-Control-Allow-Origin.
  • [Error] Failed to load resource: Origin https://x.webflow.io is not allowed by Access-Control-Allow-Origin. (jquery-3.4.1.min.220afd743d.js, line 0)
  • [Error] Cross-origin script load denied by Cross-Origin Resource Sharing policy.

Is there any way to whitelist this script on the Cookiebot side? We can't change the jQuery script tag.

1

Comments

4 comments

Sort by Date Votes
  • Avatar
    Spas – vConnect – Community Supporter

    Hi Forrest O.

    From the above described information I think that this is most likely a security issue caused by the crossorigin attribute.
    However, I could not see how Cookiebot should have anything to do with this and block jQuery by preventing the script from loading. Could you please send us an example URL where we can see the problem and further in order to find out what might went wrong and help you solve the issue afterwards. 
    You could post the URL in question here or send it to support@cookiebot.com 

    Regards,
    Spas

     

    0
    Comment actions Permalink
  • Avatar
    malua

    Hey! Have you figured this out?

    We have the exact same problem with cookiebot blocking this jquery script from being loaded.
    The jQuery is automatically loaded by webflow and not something custom.

    As soon as I add the cookiebot script, the navigation stops working due to missing jquery

    0
    Comment actions Permalink
  • Avatar
    Spas – vConnect – Community Supporter

    Hi malua

    Cookiebot does not prevent from loading or block scripts which does not set cookies on the website, could you please check it any cookies are set when jQuery is automatically loaded by webflow. 
    However, this is unusual behavior which needs to be investigated. Could you please send us the domain where we can see the problem and inspect it. Any information would be useful in order to detect the issue and find a solution.

    Regards,
    Spas

    0
    Comment actions Permalink
  • Avatar
    Jacques
    • Edited

    malua if you load the script direct via GTM it will work.

     

    Best,
    Jacques

    0
    Comment actions Permalink

Please sign in to leave a comment.

Didn't find what you were looking for?

New post