You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Steps to reproduce:
On our company website https://www.chemgenes.com, we attempted to apply subresource integrity to the "security seals" we currently display at the bottom -- these are cross-origin scripts issued by seal.digicert.com and seal.securetrust.com.
Actual results:
The domains do not support the CORS standard. Subresource Integrity could not be applied.
The resources offered may not constitute a CDN per se -- however, would Mozilla Information Security please still be able to contact these two entities, to request they support CORS?
Thank you.
The text was updated successfully, but these errors were encountered:
From Aaron Schiffer:
User Agent: Mozilla/5.0 (Windows NT 6.3; Win64; x64; rv:83.0) Gecko/20100101 Firefox/83.0
Steps to reproduce:
On our company website https://www.chemgenes.com, we attempted to apply subresource integrity to the "security seals" we currently display at the bottom -- these are cross-origin scripts issued by seal.digicert.com and seal.securetrust.com.
Actual results:
The domains do not support the CORS standard. Subresource Integrity could not be applied.
Expected results:
I expected they might support the CORS standard.
The paragraphs at https://infosec.mozilla.org/guidelines/web_security#subresource-integrity indicates, "if the CDN you are loading does not support CORS, please contact Mozilla Information Security. We are happy to contact the CDN on your behalf."
The resources offered may not constitute a CDN per se -- however, would Mozilla Information Security please still be able to contact these two entities, to request they support CORS?
Thank you.
The text was updated successfully, but these errors were encountered: