Magento 2.4.7 CSP / SRI issue on checkout page and admin

Hi,

My issue is that when I proxy Babygear.dk through Cloudflare, we get the following error message on the Magento checkout page and the page does not load correctly because loading the script is blocked.

We have added the below hash to our xml_allowlist and it works fine when we set Cloudflare in “developer mode” or do not proxy through Cloudflare, but when we proxy through Cloudflare we get the following error:

Failed to find a valid digest in the ‘integrity’ attribute for resource ‘https://www.babygear.dk/static/version1714545269/frontend/Magento/luma/da_DK/requirejs/require.js’ with computed SHA-256 integrity ‘VODlv7gms2iTofiNaOF9GqKvi4P0WL3J8UuH2UaX7rE=’. The resource has been blocked.

Background info from Adobe. To comply with PCI 4.0 requirements for verification of script integrity on payment pages, Magento Open Source 2.4.7 and later include support for Subresource Integrity by providing integrity hashes for all Javascript assets residing in the local filesystem. (This functionality is defined in the Magento_Csp module.)

How can we solve this issue?

Best regards,
Jesper
BabyGear.dk

Hi @jb15 Jesper,

Would setting a Cache rule (not to cache the checkout page) work?

Thank you.
