Rocket Loader with CSP headers breaks require js on Magento
Hello, CF community, we have a Magento site with a Rocket loader feature. After deploying CSP headers we got an error - require is not defined. If we disable the rocket loader the issue is dissapear. I want to mention that we've added CSP header script-src 'self' ajax.cloudflare.com; as mentioned in the CF docs https://developers.cloudflare.com/fundamentals/reference/policies-compliances/content-security-policies/#product-requirements
What can you suggest to resolve the issue? I really appreciate any help you can provide.
Cloudflare Docs
Content Security Policies (CSPs) | Cloudflare Fundamentals docs
A Content Security Policy (CSP) is an added layer of security that helps detect and mitigate certain types of attacks, including:
1 Reply
Hey Leo
It's not a good idea for me. The rocket loader makes a huge impact on the performance.
I was suggested to ignore require js in rocket loader, but I still looking for the best solution, cause I am interested in speed site optimization