search

kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
57 stars 6 forks source link

Shield removes scripts without content #151

Closed dsmith-digitalmint closed 3 weeks ago

dsmith-digitalmint commented 1 month ago

When building the application with the following script:

<script
    type="text/javascript" 
    id="Cookiebot"
    src="https://consent.cookiebot.com/uc.js"
    data-cbid="d14922fe-e985-4886-9910-cf8a45c1406b"
    data-blockingmode="auto"
    async>
</script>

I get the following error: 09:15:11 [WARN] [@kindspells/astro-shield-post-config-setup] Script "https://consent.cookiebot.com/uc.js" must have either a src/href attribute or content, but not both. Removing it.

castarco commented 3 weeks ago

Hi @dsmith-digitalmint , I'm sorry for my delay in responding to this issue. These past weeks I've been overloaded.

You can avoid this issue by removing all spaces inside the <script> block. So, instead of writing:

<script
    type="text/javascript" 
    id="Cookiebot"
    src="https://consent.cookiebot.com/uc.js"
    data-cbid="d14922fe-e985-4886-9910-cf8a45c1406b"
    data-blockingmode="auto"
    async>
</script>

Write:

<script
    type="text/javascript" 
    id="Cookiebot"
    src="https://consent.cookiebot.com/uc.js"
    data-cbid="d14922fe-e985-4886-9910-cf8a45c1406b"
    data-blockingmode="auto"
    async></script>

I'll be working on a more flexible solution, but this will solve your problem for now.

dsmith-digitalmint commented 2 weeks ago

I tried that and got the following error:

Screenshot 2024-11-06 at 4 22 55 PM

DId you want to put another bounty on this issue like we discussed?