- This topic has 6 replies, 3 voices, and was last updated 4 years, 7 months ago by David.
-
AuthorPosts
-
January 29, 2020 at 5:16 am #1148064Patrik
Hi,
hope everyone are good!
Im a bit frustrated here, when running a scan test on my website i get this message (translated from swedish)Subresource Integrity (SRI) not implemented, and external soruces where loaded over HTTP or protocolrelated URLS via src=”//…”
Following 3:rd party source where loaded without SRI:
//fonts.googleapis.com/css?family=Open+Sans%3A600%7COpen+Sans%3A600%7COpen+Sans%3A400When running inspect page in broswer and searching im getting this:
<link rel=”stylesheet” id=”SP_EAP-google-web-fonts-sp_eap_shortcode_options-css” href=”//fonts.googleapis.com/css?family=Open+Sans%3A600%7COpen+Sans%3A600%7COpen+Sans%3A400″ type=”text/css” media=”all”>Status-Check on site:
HTTPS Standard- Certificate: valid and trusted
The connection to this site is using a valid, trusted server certificate issued by Let’s Encrypt Authority X3.Connection: secure connection settings
The connection to this site is encrypted and authenticated using TLS 1.2, ECDHE_RSA with X25519, and AES_128_GCM.Resources: all served securely
All resources on this page are served securely.HTTP Strict Transport Security (HSTS)
Pass/No issue – max-age=63072000; includeSubDomainsHoping you could help me with this,
PatrikJanuary 30, 2020 at 3:27 am #1149084LonginosHi
I´m not a Generatepress team member.
This can´t be solved cause google fonts returns personalized css related to the UA.
You can read about the issue here: https://github.com/google/fonts/issues/473.
A workaround is to put fonts locally and then generate the SRI, but you lose these customized css.January 30, 2020 at 7:06 am #1149433DavidStaffCustomer SupportThanks Longinos for responding.
Out of interest which ‘Scan test’ were you performing?January 30, 2020 at 10:29 am #1149643PatrikMany thanks Longinos,
Dont know why but im a bit “scared” or how to say it about my test displaying “3rd party” cookies.
Dont know why, seems bad?David – Im performing this test on a swedish based website:
https://webbkoll.dataskydd.netIf you but website address you can run a test.
You will still get the “services” in english and the main result for each component in english
So you will be able to relate 🙂January 30, 2020 at 10:49 am #1149658LonginosHi Patrik
If you use 3rd party resources, maybe you have 3rd party cookies, Google Analitics for example, to say a popular 3rd. party service.January 30, 2020 at 12:03 pm #1149732PatrikHi,
i really dont have that and only the fonts link.
After reading i cant find that fonts.googleapis.com is within regulations of GDPR (i live in europe)January 30, 2020 at 3:58 pm #1149839DavidStaffCustomer SupportThe link for that font doesn’t look like a GP request as i don’t recognise the ID – did you identify what was requesting the font?
-
AuthorPosts
- You must be logged in to reply to this topic.