How To Guides
9.10 and Customers Using CDNs
9.10 introduces a security layer on all JS files called Subresource Integrity which adds a SHA hash to all JS files to ensure they have not been modified from their original versions.
Example:
Customers who use a CDN will a lot of time also minify and strip whitespace from JS files. For example, cloudflare has the option to do this under their “Speed” menu:
This setting will break the subresource integrity check for all JS files preventing them from loading.
Here are the steps we need to take for any customer using a CDN to prevent their JS from breaking when they update to 9.10. These steps are for cloudflare but each CDN should have something similar:
- You can leave auto minify on of all JS files you just need to create a rule so none of the clientside.mvc JS files get minified (they can still get cached). To do this go into Page Rules and create the following rule:
The domain should be updated to the clients actual domain. The * is a wildcard so it will cover all front end JS files (Image Machine, Attribute Machine, Facets, etc) Per Cloudflare disabling “Performance” on file will do the following:
https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-
The minification is the main things we want to disable.
You’ll also want to disable cache/performance for all admin files as well by targeting any file with admin.mvc or json.mvc. This is normally done as part of a Cloudflare setup but worth checking.
Finally, if the customer wants the benefit of having those files minified, we already have a setting for that under Domain Settings -> Site Configuration. Here you’ll want to change the JavaScript drop down to Combined and Minified. This will output all the clientside.mvc files as minified files with the correct subresource identity hash.
