[Resolved] Subresource Integrity (SRI) – Google Fonts


  • This topic has 6 replies, 3 voices, and was last updated 12 months ago by David.
  • #1148064
    Patrik

    Hi,
    hope everyone is good!
    I'm a bit frustrated here. When running a scan test on my website I get this message (translated from Swedish):

    Subresource Integrity (SRI) not implemented, and external sources were loaded over HTTP or protocol-related URLs via src="//…"

    Following 3rd-party sources were loaded without SRI:
    //fonts.googleapis.com/css?family=Open+Sans%3A600%7COpen+Sans%3A600%7COpen+Sans%3A400

    When running inspect page in the browser and searching, I'm getting this:
    <link rel="stylesheet" id="SP_EAP-google-web-fonts-sp_eap_shortcode_options-css" href="//fonts.googleapis.com/css?family=Open+Sans%3A600%7COpen+Sans%3A600%7COpen+Sans%3A400" type="text/css" media="all">

    Status-Check on site:
    HTTPS Standard

      Certificate: valid and trusted
      The connection to this site is using a valid, trusted server certificate issued by Let’s Encrypt Authority X3.

      Connection: secure connection settings
      The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519, and AES_128_GCM.

      Resources: all served securely
      All resources on this page are served securely.

    HTTP Strict Transport Security (HSTS)
    Pass/No issue – max-age=63072000; includeSubDomains

    Hoping you could help me with this,
    Patrik

    #1149084
    Longinos

    Hi
    I'm not a GeneratePress team member.
    This can't be solved because Google Fonts returns personalized CSS related to the UA.
    You can read about the issue here: https://github.com/google/fonts/issues/473.
    A workaround is to put the fonts locally and then generate the SRI, but you lose this customized CSS.
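
The workaround in the reply above, as an added example that is not part of the original thread: it computes the `integrity` value for a self-hosted stylesheet and mimics the browser-side check, showing why one fixed hash cannot cover CSS that differs per user agent. The two CSS variants and the `/fonts/open-sans.css` path are constructed for illustration.

```python
import base64
import hashlib
import html

# Algorithms allowed in an integrity attribute, weakest to strongest.
_ALGOS = ("sha256", "sha384", "sha512")

# Constructed samples: the same font CSS as two different user agents might receive it.
VARIANT_WOFF2 = b"@font-face{font-family:'Open Sans';src:url(open-sans.woff2) format('woff2')}"
VARIANT_WOFF = b"@font-face{font-family:'Open Sans';src:url(open-sans.woff) format('woff')}"


def sri_hash(content: bytes, algo: str = "sha384") -> str:
    """Return '<algo>-<base64 digest>' for the exact bytes that will be served."""
    if algo not in _ALGOS:
        raise ValueError(f"unsupported SRI algorithm: {algo}")
    digest = hashlib.new(algo, content).digest()
    return f"{algo}-{base64.b64encode(digest).decode('ascii')}"


def link_tag(href: str, content: bytes, algo: str = "sha384") -> str:
    """Build a stylesheet link for a self-hosted (same-origin) file with SRI."""
    return '<link rel="stylesheet" href="{}" integrity="{}">'.format(
        html.escape(href, quote=True), sri_hash(content, algo))


def integrity_matches(integrity: str, content: bytes) -> bool:
    """Mimic the browser check: only hashes of the strongest listed algorithm count."""
    tokens = [t.split("?", 1)[0].partition("-") for t in integrity.split()]
    known = [(a, d) for a, sep, d in tokens if sep and a in _ALGOS]
    if not known:
        return True  # no usable metadata: the browser enforces nothing
    strongest = max((a for a, _ in known), key=_ALGOS.index)
    expected = sri_hash(content, strongest).partition("-")[2]
    return any(d == expected for a, d in known if a == strongest)


if __name__ == "__main__":
    # Self-hosted file: the bytes are fixed, so the hash stays valid.
    print(link_tag("/fonts/open-sans.css", VARIANT_WOFF2))
    pinned = sri_hash(VARIANT_WOFF2)
    print("same bytes pass:     ", integrity_matches(pinned, VARIANT_WOFF2))
    # UA-dependent response: another browser gets other bytes and is blocked.
    print("other variant passes:", integrity_matches(pinned, VARIANT_WOFF))
```

Re-run the hash whenever the local CSS file changes, including whitespace or minification changes, since the digest covers the exact bytes served.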

    #1149433
    David
    Staff
    Customer Support

    Thanks Longinos for responding.
    Out of interest, which ‘Scan test’ were you performing?

    #1149643
    Patrik

    Many thanks Longinos,
    Don’t know why, but I’m a bit “scared”, or how to say it, about my test displaying “3rd party” cookies.
    Don’t know why, seems bad?

    David – I’m performing this test on a Swedish-based website:
    https://webbkoll.dataskydd.net

    If you put in a website address you can run a test.
    You will still get the “services” in English and the main result for each component in English.
    So you will be able to relate 🙂

    #1149658
    Longinos

    Hi Patrik
    If you use 3rd-party resources, maybe you have 3rd-party cookies; Google Analytics, for example, to name a popular 3rd-party service.

    #1149732
    Patrik

    Hi,
    I really don’t have that, only the fonts link.
    After reading, I can’t find that fonts.googleapis.com is within the regulations of GDPR (I live in Europe).

    #1149839
    David
    Staff
    Customer Support

    The link for that font doesn’t look like a GP request as I don’t recognise the ID – did you identify what was requesting the font?
