I have a JS file I have uploaded in a Google Cloud Project bucket. I am using this as a CDN. After I added an integrity check to my JS file that is being used as a CDN, I keep getting an error
Access to script at someCDN.js from origin requestURL.com has been blocked by CORS policy. No 'Access-Control-Allow-Origin' header is present on the requested resource. Origin 'requestURL.com' is therefore not allowed access
I was previously able to use this CDN without a problem before adding the integrity check. I double checked and made sure the requesting URLs are set as the permitted Origin Headers, but now I get this error after adding an integrity check.
The way I use the CDN is I build a <script> tag dynamically and append it to the DOM.
const script = document.createElement('script')
const parent = document.body
script.src = 'https://storage.googleapis.com/some/file.js'
script.integrity = 'sha384-someSRIhashkey'
script.setAttribute('crossOrigin', 'anonymous')
parent.appendChild(script)
The way I generated the HASH is https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity#Tools_for_generating_SRI_hashes
After generating the hash with the command in the docs, I upload my file to the Google Cloud bucket as an object.