Facing Issue while generating integrity hashes for the freshdesk cdn

Hi Team,

I need to add integrity hashes for script and link tag in my iparams.html. i generated integrity hashes for script tags but i trying to generate integrity hashes in SRI Hash Generator
<link rel="stylesheet" type="text/css" href="https://static.freshdev.io/fdk/2.0/assets/freshdesk.css" />

for this url i’m getting error in SRI Hash Generator which is shown below in screen shot.

Can anyone help me to sort this issue.

@Thakur_Ganeshsingh @Santhosh @Raviraj

Can anyone help me to sort this issue?

Kindly replace the script with the app client.

<script src="{{{appclient}}}"></script>

Once changes, kindly test again and confirm if it works.


Thank you @Thakur_Ganeshsingh

I already added <script src="{{{appclient}}}"></script> in my iparams.html

@Thakur_Ganeshsingh @kaustavdm @Raviraj

This is for paid apps

How can i generate integrity hashes for <script src="{{{appclient}}}"></script> . i can’t generate integrity hashes in SRI Hash Generator

Hi @Kithiyon,

Why do you want to add an integrity hash for this resource?
This script is loaded by the platform automatically when the app is rendered, and it’s secure since the platform is holding the value for this resource and providing it to the app dynamically.

@Santhosh, could you please add more on the possibility of SRI hash, if any?

Thank you @Raviraj

Our app is rejected by freshworks testing team because of ‘integrity’ attribute is missing for an externally hosted files in our iparams.html and index.html which is shown in below snap shoot.


We are in the same case, our app has ben rejected because sha integrity for the default CSS that all Freshdesk fdk manuals comments to add in projects (https://static.freshdev.io/fdk/2.0/assets/freshdesk.css) is missing.

with we solve the problem for JS FDK client file, but what’s happen with css? It’s necessary download a copy of css and incluyed locally in our projects or we can generate the sha-384 of this file and use it?

I’ve generate the sha-384 with OpenSSL (Subresource Integrity - Web security | MDN): BoZyhtkyThvVe8fL8Z5/AzB4nF7ae9gGuze0dC3i5L1ynIscgym/AdFxSq0e43N6

Is this ok?


Hi @jjimenez

Yes, You can use sha-384 for your external resources.

I am facing the same error. While submitting our application because of ‘integrity’ attribute is missing from <script src="{{{appclient}}}"></script>. Should I skip it or how can I generate an integrity hashes for it?

1 Like

Hi Araokiya,

The problem is that this file is managed and hosted by Freshworks. If Freshworks modifiy it, then my sha-384 will be invalid and browsers doesn’t load it.

Also, after modify our code with for client script, validator process still mark an error because integrity attribute is missing.

We need solve this urgently to publish our app


1 Like

Hi @Kithiyon ,

Facing similar type of issue , any updates on this , were you able to find any fix for this ? If yes , kindly help us with the same.

Hi @Jayanth_Kumar

Can you write this to freshworks support because we discussed about this with one of the freshworks developer at dev submit in bangalore.

This security warning is from our automatic security scan for all the app submissions. The app will not get rejected for this security warning.

For the appclient, ignore the integrity attribute. Let us know if any of your apps get rejected only for this reason and we can investigate further.

This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.