Subsource integrity

  • Resolved studio4

    (@studio4)


    5 years, 8 months ago

    Hello,

    Your plugin needs to be updated to prevent subsource integrity issues when serving sites over SSL.

    In /wp-content/plugins/popup-notices-for-woocommerce/src/classes/class-modal.php

    wp_enqueue_script( 'ttt_pnwc_micromodal', '//unpkg.com/micromodal/dist/micromodal.min.js' );

    should be changed to

    wp_enqueue_script( 'ttt_pnwc_micromodal', 'https://unpkg.com/micromodal/dist/micromodal.min.js' );

Viewing 3 replies - 1 through 3 (of 3 total)
  • Plugin Author Pablo Pacheco

    (@karzin)

    Hello @studio4 ,

    Generally, I enqueue script files using // because it loads them through https when needed. But I think it only makes sense when loading resources from the same site, and not from external ones.

    So I think there is no problem to change it like you want, thanks
    ??

    Thread Starter studio4

    (@studio4)

    Hello Pablo,

    I agree with this in principle however as part of the push towards secure web this causes a subsource integrity warning. I think if it’s easy enough for you to change to https it shouldn’t affect anyone using http but should help prevent any warnings for the increasing number using https.

    Hope this makes sense and thanks for taking it on board.

    Andy

    Plugin Author Pablo Pacheco

    (@karzin)

    Sure,
    Thanks for letting me know.

    I just updated it on version 1.1.6

Viewing 3 replies - 1 through 3 (of 3 total)
  • The topic ‘Subsource integrity’ is closed to new replies.