JS Loalization

  • Resolved joy0114

    (@joy0114)


    10 months, 1 week ago

    Hi,

    I understood that js file can be localized if it’s called with <script …> tag.

    I’ve got a shipping plugin which use an openstreetmap, and so, it calls leaflet.js from this url:
    https://unpkg.com/[email protected]/dist/leaflet.js

    with this code:

    <?php // phpcs:ignore WordPress.WP.EnqueuedResources.NonEnqueuedScript ?>
	<script src="https://unpkg.com/[email protected]/dist/leaflet.js"
			integrity="sha256-o9N1jGDZrf5tS+Ft4gbIK7mYMipq9lqpVJ91xHSyKhg="
			crossorigin=""></script>

    I used this url for localizing it, it works, but the browser continues loading “unpkg.com/[email protected]/dist/leaflet.js” (or rather “tries” to load, because it’s blocked by CSP policy… even in adding this url in script-src CSP policy in header.php).

    Could it be the integrity tag the culprit ?

    I suppose that the plugin uses the localized js file as the map is displayed while https://unpkg.com/[email protected]/dist/leaflet.js can not be loaded !

    Any idea for helping me to clarify this ?
    Thanks a lot.

    • This topic was modified 10 months, 1 week ago by joy0114.
Viewing 6 replies - 1 through 6 (of 6 total)
  • Plugin Support qtwrk

    (@qtwrk)

    please provide the report number

    you can get it in toolbox -> report -> click “send to LiteSpeed”

    Thread Starter joy0114

    (@joy0114)

    Hi,

    Here my report:
    TKALPUCY
    01/21/2024 19:18:49

    Thanks for your attention.
    Best regards

    Plugin Support qtwrk

    (@qtwrk)

    I don’t see the leaflet.js in home ? which page has that JS?

    Thread Starter joy0114

    (@joy0114)

    Hi Qtwrk,

    I’m sorry, I wasn’t precise enough.

    The shipping plugin which calls leaflet.js is :
    colissimo-shipping-methods-for-woocommerce

    This plugin calls leaflet.js in file: include/partials/pickup/webservice.php

    I just load this plugin on the cart page and checkout page of my website.

    If there is something in cart, and on the cart page, if we choose a country and postcode (for example “Pays-Bas / Amsterdam / 1011AA), and after this if we select “Colissimo Europe Point de retrait:”, and the Checkout …

    On the checkout page (with developper tools), I can see:

    /wp-content/litespeed/localres/aHR0cHM6Ly91bnBrZy5jb20vbGVhZmxldEAxLjkuMi9kaXN0L2xlYWZsZXQuanM=

    which is a “link” towards:

    /wp-content/litespeed/localres/cba7174f036f96e0834e3460d76ef637.js

    This last js is the leaflet.js, optimized by Litespeed.

    But I can also see:

    https://unpkg.com/[email protected]/dist/leaflet.js which is blocked by CSP, but in any case, it should not be there.

    Some screenshots here:
    screenshot 1
    We can see, in first line and last line that Litespeed plugin make the job.

    screenshot 2
    Here, the call of original js file (as mentioned above, with a “integrity” tag in its call).

    Thank you very much for your opinion about it.
    Best regards

    Plugin Support qtwrk

    (@qtwrk)

    if the js was loaded by another js , like your 2nd screenshot , initiator is jquery.min.js , in such case , it won’t localize , or direct load via <script tag HTML will

    Thread Starter joy0114

    (@joy0114)

    Hi,

    Indeed … I just noticed that jquery functions are used to initialize the modal window containing the openstreetmap map, so consequently leaflet.js.

    So no need to look further.
    Too bad.

    Anyway, thanks for your help !

Viewing 6 replies - 1 through 6 (of 6 total)
  • The topic ‘JS Loalization’ is closed to new replies.