How to solve “resource requires the request to be CORS enabled… resource has been blocked because the integrity cannot be enforced” error

I think you are missing crossorigin="anonymous".

<link rel="stylesheet" href="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css" integrity="sha384-1q8mTJOASx8j1Au+a5WDVnPi2lkFfwwEAa8hDDdjZlpLegxhjVME1fgjWPGmkzs7" crossorigin="anonymous">

When the request doesn't match Same Origin Policy the crossorigin attribute MUST be present for the integrity of the file to be checked. With an integrity set on an external origin and a missing crossorigin the browser will choose to 'fail-open' which means it will load the resource as if the integrity attribute was not set.

Source

I was trying to insert jQuery into a page via the Chrome DevTools Console, and I was getting this error. Here's the code I was using:

// Bad code
let script = document.createElement('script');
script.src = 'https://code.jquery.com/jquery-3.2.1.min.js';
script.crossorigin = 'anonymous';
script.integrity = 'sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=';
document.head.appendChild(script);

The solution was to change crossorigin to crossOrigin (uppercase O for Origin):

// Good code
let script = document.createElement('script');
script.src = 'https://code.jquery.com/jquery-3.2.1.min.js';
script.crossOrigin = 'anonymous';
script.integrity = 'sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=';
document.head.appendChild(script);

How to solve “resource requires the request to be CORS enabled… resource has been blocked because the integrity cannot be enforced” error

Tags:

Twitter Bootstrap

Cors

Twitter Bootstrap 3

Subresource Integrity

Related

Recent Posts