Working on our new site and the security auditors came back with this:
Subresource integrity (SRI) is a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing website elements to provide a cryptographic hash that a fetched file must match.
While redirecting a user to their ultimate URL destination, the user passes through one or more URLs served over HTTP (instead of HTTPS). Having HTTP links in a redirect chain weakens other security technologies (e.g., HTTPS and HSTS headers) that are deployed elsewhere in the chain.
Is this something we can set up properly with Enfold or is this more of a host configuration issue?
Hey id-systems,
It depends on how you implemented the SSL. Are you using the Force SSL plugin?
Please share the link to your website.
Best regards,
Victoria
Link to dev site (enfold) in field below. Production site has HSTS set up but we have some other things we need to do on that front to make it work.
Using the SSL Secure Content Fixer plugin with it set to “Simple”
Hi id-systems,
Well, the plugin, in this case, is in charge of this functionality. You might want to try a different configuration or a different plugin.
Best regards,
Victoria
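The redirect-chain finding quoted in the first post can be checked hop by hop to see which response sends visitors over plain HTTP. This is an added example, not part of the thread or of any plugin's code; `auditRedirectChain`, `hstsMaxAge` and the `example.com` chain are hypothetical names and constructed data.

```javascript
// Added example (not from the thread): flag plaintext hops in a recorded redirect chain.
// CONSTRUCTED sample data; example.com is a placeholder, not the poster's site.
const sampleChain = [
  { url: "http://example.com/", status: 301,
    headers: { Location: "http://www.example.com/" } },
  { url: "http://www.example.com/", status: 301,
    headers: { Location: "https://www.example.com/" } },
  { url: "https://www.example.com/", status: 200,
    headers: { "Strict-Transport-Security": "max-age=31536000; includeSubDomains" } },
];

// Return the max-age of an HSTS header value, or null if absent or malformed.
function hstsMaxAge(value) {
  const m = /(?:^|;)\s*max-age\s*=\s*"?(\d+)"?\s*(?:;|$)/i.exec(value || "");
  return m ? Number(m[1]) : null;
}

// Hypothetical helper: returns one finding per problem, tagged with the hop index.
function auditRedirectChain(chain) {
  const findings = [];
  chain.forEach((hop, i) => {
    const url = new URL(hop.url);
    // Header names are case-insensitive, so normalise before lookup.
    const h = {};
    for (const [k, v] of Object.entries(hop.headers || {})) h[k.toLowerCase()] = v;

    const isRedirect = hop.status >= 300 && hop.status < 400 && h.location;
    if (isRedirect) {
      // Location may be relative; resolve it against the current URL.
      const target = new URL(h.location, url);
      if (target.protocol === "http:") {
        const issue = url.protocol === "https:" ? "https-downgrade" : "http-to-http";
        findings.push({ hop: i, issue, from: url.href, to: target.href });
      }
    }
    // An HTTPS response without a positive max-age sets no HSTS policy.
    if (url.protocol === "https:" && !(hstsMaxAge(h["strict-transport-security"]) > 0)) {
      findings.push({ hop: i, issue: "missing-hsts", from: url.href });
    }
    // Browsers ignore HSTS received over plain HTTP (RFC 6797).
    if (url.protocol === "http:" && h["strict-transport-security"]) {
      findings.push({ hop: i, issue: "hsts-over-http-ignored", from: url.href });
    }
  });
  return findings;
}
```

On the constructed chain the only finding is hop 0, whose `Location` points at another HTTP URL instead of the HTTPS version of the same host.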