Closed blimmer closed 8 years ago
I suspect this is the potentially convoluted help that I have provided for the addon (I have an idea for making that perhaps easier to comprehend).
Looking at your setup, you will need to specify: SRI.crossorigin: 'anonymous'
I will however check now that this is the case.
This fixes it by changing the code to:
SRI: {
runsIn: prodLikeEnvs,
crossorigin: 'anonymous'
},
Basically the reason it does this is to prevent a developer accidentally enabling it without allowing CORS headers on their CDN. So the behaviour is that all assets will an absolute URL have to specify the attribute.
The origin attribute I added is there for people who have the same prepend as their live site so the browser will safely know that it is the same origin.
@blimmer please let me know if that clears things up better too.
That did it. Thanks!
I'm struggling to get this working with
prepend
. I'm seeing the integrity hash only being applied when I build in the test environment or when I comment out theprepend
in thefingerprint
hash.Repro Steps:
ember b -e staging
orember b -e production
Observe: the integrity hash isn't there. If you comment out
ember-cli-build.js
line 28 and re-run the build, it will work.Am I missing something here? I thought that I followed the instructions in the README correctly.