24/7 Support: 800.608.6482

Get Started

Developer Docs

How To Guides

9.10 and Customers Using CDNs

9.10 introduces a security layer on all JS files called Subresource Integrity which adds a SHA hash to all JS files to ensure they have not been modified from their original versions.

Example:

Customers who use a CDN will a lot of time also minify and strip whitespace from JS files. For example, cloudflare has the option to do this under their “Speed” menu:

“Speed

This setting will break the subresource integrity check for all JS files preventing them from loading.

Here are the steps we need to take for any customer using a CDN to prevent their JS from breaking when they update to 9.10. These steps are for cloudflare but each CDN should have something similar:

  1. You can leave auto minify on of all JS files you just need to create a rule so none of the clientside.mvc JS files get minified (they can still get cached). To do this go into Page Rules and create the following rule:

  2. “Create

    The domain should be updated to the clients actual domain. The * is a wildcard so it will cover all front end JS files (Image Machine, Attribute Machine, Facets, etc) Per Cloudflare disabling “Performance” on file will do the following:

    “Disable

    https://support.cloudflare.com/hc/en-us/articles/200168306-Is-there-a-tutorial-for-Page-Rules-

    The minification is the main things we want to disable.

    You’ll also want to disable cache/performance for all admin files as well by targeting any file with admin.mvc or json.mvc. This is normally done as part of a Cloudflare setup but worth checking.


    “URL

    “Browser

    Finally, if the customer wants the benefit of having those files minified, we already have a setting for that under Domain Settings -> Site Configuration. Here you’ll want to change the JavaScript drop down to Combined and Minified. This will output all the clientside.mvc files as minified files with the correct subresource identity hash.

    “Site

This website uses cookies to identify visitors, track visitors to our website, store login session information and to remember your user preferences. By continuing to use this site you agree to our use of cookies. Learn More.

This website uses cookies. By continuing to use this site you agree to our use of cookies. Learn More.

Accept

Miva believes that all online businesses should have access to a scalable ecommerce platform that can meet their unique business requirements. Miva offers PCI compliant ecommerce, hosting, and custom website design and development solutions. Miva customers have processed over $100 billion in online sales since 1997.

Copyright © 2016 Miva, Inc - All Rights Reserved   Privacy Policy | Store Policy

Links
Contact Us
Receive Tips & Updates

Copyright © 2017 Miva, Inc - All Rights Reserved

Back To The Top