GenChadT
Cloudflare Developers
Created by GenChadT on 6/2/2024 in #general-help
Cross-Origin Request Blocked, CORS request did not succeed.
I have two websites hosted on the same web server, each using separate domains registered w/ CF. One site is having an issue where an injected script sourced from https://static.cloudflareinsights.com/ appears to be blocked across Edge/Chromium/FF. Error below:

Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://static.cloudflareinsights.com/beacon.min.js/vef91dfe02fce4ee0ad053f6de4f175db1715022073587. (Reason: CORS request did not succeed). Status code: (null).
None of the “sha512” hashes in the integrity attribute match the content of the subresource. The computed hash is “z4PhNX7vuL3xVChQ1m2AB9Yg5AULVxXcg/SpIdNs6c5HONE8XYXysP+DRNKHfuwve7kxvUdBoaGlODJ6+SfaPg==”.

To my knowledge I haven't willingly enabled any kind of analytics tool outside of basic DNS proxy/caching. Notably, my other domain has proxy/caching enabled as well and is not having this problem.

So far I have tried:
• Updating site's apache config to the below:
RewriteEngine On
RewriteRule ^ - [E=CSP_NONCE:%{UNIQUE_ID}e]
Header always set Content-Security-Policy "default-src 'self'; style-src 'self' [redacted]; font-src 'self' [redacted]; img-src 'self'; script-src 'self' https://static.cloudflareinsights.com 'nonce-%{CSP_NONCE}e'; object-src 'none';"
Header always set Referrer-Policy "strict-origin-when-cross-origin"
Header always set Strict-Transport-Security "max-age=31536000; includeSubdomains"
Header always set X-Frame-Options "SAMEORIGIN"
Header always set X-Content-Type-Options "nosniff"
• Disabling browser cache and reloading
• Disabling browser extensions
• Visiting Caching > Configuration in the Dashboard to "Purge Everything", then reloading the site

So far nothing has solved the issue. I was hoping you guys might have an idea of other things I might try?
29 replies
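The "None of the sha512 hashes in the integrity attribute match" message quoted in the post comes from the browser's Subresource Integrity check. The sketch below is an added example, not part of the original post or any Cloudflare code: it reproduces that comparison offline so the bytes actually received for a script can be checked against the `integrity` value on its tag. The function names and the two script bodies are constructed for illustration.

```python
import base64
import hashlib

# Hash algorithms SRI recognises, ranked weakest to strongest.
_STRENGTH = {"sha256": 1, "sha384": 2, "sha512": 3}


def sri_digest(body: bytes, alg: str = "sha512") -> str:
    """Base64 digest in the form a browser reports as 'the computed hash'."""
    return base64.b64encode(hashlib.new(alg, body).digest()).decode("ascii")


def parse_integrity(attr: str) -> list[tuple[str, str]]:
    """Split an integrity attribute into (algorithm, base64-digest) pairs."""
    pairs = []
    for token in attr.split():
        alg, sep, rest = token.partition("-")
        alg = alg.lower()
        if not sep or alg not in _STRENGTH:
            continue  # unknown or malformed tokens are ignored
        pairs.append((alg, rest.split("?", 1)[0]))  # drop any ?options suffix
    return pairs


def check_sri(body: bytes, attr: str) -> tuple[bool, str]:
    """Compare body against the strongest algorithm listed in attr."""
    pairs = parse_integrity(attr)
    if not pairs:
        return True, "no usable integrity metadata; nothing is enforced"
    strongest = max((alg for alg, _ in pairs), key=_STRENGTH.__getitem__)
    computed = sri_digest(body, strongest)
    expected = [digest for alg, digest in pairs if alg == strongest]
    if computed in expected:
        return True, f"{strongest}-{computed} matches"
    return False, f"none of the {strongest} hashes match; computed {computed}"


# Constructed sample data: the script the tag was generated for, and a
# different body such as a stale cached copy or a rewritten response.
ORIGINAL = b"console.log('beacon v1');\n"
MODIFIED = b"console.log('beacon v2');\n"
TAG_INTEGRITY = "sha512-" + sri_digest(ORIGINAL)

if __name__ == "__main__":
    print(check_sri(ORIGINAL, TAG_INTEGRITY))
    print(check_sri(MODIFIED, TAG_INTEGRITY))
```

To use it on a live page, pass the raw response body saved for the script URL and the `integrity` string copied from the injected tag; a mismatch means the delivered bytes differ from the ones the tag was generated for.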