Hi Team,
I need to add integrity hashes for script and link tag in my iparams.html. i generated integrity hashes for script tags but i trying to generate integrity hashes in SRI Hash Generator
for
<link rel="stylesheet" type="text/css" href="https://static.freshdev.io/fdk/2.0/assets/freshdesk.css" />
for this url i’m getting error in SRI Hash Generator which is shown below in screen shot.
Can anyone help me to sort this issue.
Kindly replace the script with the app client.
<script src="{{{appclient}}}"></script>
Once changes, kindly test again and confirm if it works.
Regards,
Thakur
Thank you @Thakur_Ganeshsingh
I already added <script src="{{{appclient}}}"></script> in my iparams.html
@Thakur_Ganeshsingh @kaustavdm @Raviraj
This is for paid apps
How can i generate integrity hashes for <script src="{{{appclient}}}"></script> . i can’t generate integrity hashes in SRI Hash Generator
Hi @Kithiyon,
Why do you want to add an integrity hash for this resource?
This script is loaded by the platform automatically when the app is rendered, and it’s secure since the platform is holding the value for this resource and providing it to the app dynamically.
@Santhosh, could you please add more on the possibility of SRI hash, if any?
Thank you @Raviraj
Our app is rejected by freshworks testing team because of ‘integrity’ attribute is missing for an externally hosted files in our iparams.html and index.html which is shown in below snap shoot.
Hi,
We are in the same case, our app has ben rejected because sha integrity for the default CSS that all Freshdesk fdk manuals comments to add in projects (https://static.freshdev.io/fdk/2.0/assets/freshdesk.css) is missing.
with we solve the problem for JS FDK client file, but what’s happen with css? It’s necessary download a copy of css and incluyed locally in our projects or we can generate the sha-384 of this file and use it?
I’ve generate the sha-384 with OpenSSL (Subresource Integrity - Web security | MDN): BoZyhtkyThvVe8fL8Z5/AzB4nF7ae9gGuze0dC3i5L1ynIscgym/AdFxSq0e43N6
Is this ok?
Regards
I am facing the same error. While submitting our application because of ‘integrity’ attribute is missing from <script src="{{{appclient}}}"></script>. Should I skip it or how can I generate an integrity hashes for it?
Hi Araokiya,
The problem is that this file is managed and hosted by Freshworks. If Freshworks modifiy it, then my sha-384 will be invalid and browsers doesn’t load it.
Also, after modify our code with for client script, validator process still mark an error because integrity attribute is missing.
We need solve this urgently to publish our app
Regards
Hi @Kithiyon ,
Facing similar type of issue , any updates on this , were you able to find any fix for this ? If yes , kindly help us with the same.
Can you write this to freshworks support because we discussed about this with one of the freshworks developer at dev submit in bangalore.
This security warning is from our automatic security scan for all the app submissions. The app will not get rejected for this security warning.
For the appclient, ignore the integrity attribute. Let us know if any of your apps get rejected only for this reason and we can investigate further.
This topic was automatically closed 6 days after the last reply. New replies are no longer allowed.
