24/7 Support: 800.608.6482

Developer Docs

How To Guides

9.10 and Customers Using CDNs

9.10 introduces a security layer on all JS files called Subresource Integrity which adds a SHA hash to all JS files to ensure they have not been modified from their original versions.

Example:

Customers who use a CDN will a lot of time also minify and strip whitespace from JS files. For example, cloudflare has the option to do this under their “Speed” menu:

“Speed

This setting will break the subresource integrity check for all JS files preventing them from loading.

Here are the steps we need to take for any customer using a CDN to prevent their JS from breaking when they update to 9.10. These steps are for cloudflare but each CDN should have something similar:

  1. You can leave auto minify on of all JS files you just need to create a rule so none of the clientside.mvc JS files get minified (they can still get cached). To do this go into Page Rules and create the following rule:

  2. “Create

    The domain should be updated to the clients actual domain. The * is a wildcard so it will cover all front end JS files (Image Machine, Attribute Machine, Facets, etc) Per Cloudflare disabling “Performance” on file will do the following:

    “Disable

    https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-

    The minification is the main things we want to disable.

    You’ll also want to disable cache/performance for all admin files as well by targeting any file with admin.mvc or json.mvc. This is normally done as part of a Cloudflare setup but worth checking.


    “URL

    “Browser

    Finally, if the customer wants the benefit of having those files minified, we already have a setting for that under Domain Settings -> Site Configuration. Here you’ll want to change the JavaScript drop down to Combined and Minified. This will output all the clientside.mvc files as minified files with the correct subresource identity hash.

    “Site

This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.

Accept

Copyright © 1997 – 2024 Miva®, Miva Merchant®, MivaPay®, MivaCon®, Camp Miva®, Miva Connect®, Miva, Inc. All Rights Reserved.