developer.authorize.net developer.cybersource.com
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a question

CORS error when using integrity as crossorigin on <script>

I'm following the steps here:
https://support.visaacceptance.com/knowledgebase/Knowledgearticle/?code=KA-07551

Managed to put the "integrity" and "crossorigin" attributes in my js tag to load microform, but when i do that i got a CORS error.
Without those two attributes the JS loads fine, i'm doing anything wrong? Is the documentation is wrong?
I really want to follow the documentation and do the thinks correctly, but i'm almost ignoring those two attributes to make it work.

Thanks

 

1 person had this problem.
tpinto
Member

‎12-16-2024 12:51 PM

4 REPLIES 4

I am also having similar issues, when adding integrity tag with crossorigin as anonymous, javascript library is blocked due to below error.

Subresource Integrity: The resource 'https://testflex.cybersource.com/microform/bundle/v2.0.2/flex-microform.min.js' has an integrity attribute, but the resource requires the request to be CORS enabled to check the integrity, and it is not. The resource has been blocked because the integrity cannot be enforced.

Does that mean cybersource has to enable CORS on server side ? does anyone know how to resolve this issue iof it is not cybersource issue?

 

Thanks and Regards,

smanick
Member

‎01-06-2025 01:00 PM

We also having the same issue. Please suggest the right solution.

I think adding these two headers to response should resolve the issue:
Cross-Origin-Embedder-Policy: credentialless
Cross-Origin-Resource-Policy: cross-origin

 

 

OlegO
Member

‎01-22-2025 02:37 AM

We fixed the issue by changing/adding Сross-Origin-Embedder-Policy response header to unsafe-none for our e-commerce website.

OlegO
Member

‎01-28-2025 05:51 AM

Hey, yeah I’ve run into this kind of thing before and it’s honestly super confusing the first time you see it.

From what you’re describing, it sounds like the script loads fine normally, but the moment you add integrity + crossorigin, the browser starts throwing CORS errors. That usually isn’t you doing something wrong—it’s more about how SRI (subresource integrity) and CORS headers need to match perfectly from the server side.

I faced something similar when integrating a third-party JS SDK, and what I noticed was: if the provider doesn’t return proper CORS headers or the integrity hash is slightly off, the browser just blocks it.

What worked for me:

Double-check the exact script URL vs the integrity hash (even a small mismatch breaks it)

Try crossorigin="anonymous" only (no credentials)

Confirm the CDN actually supports SRI + correct CORS headers

Not sure if Visa docs are outdated, but sometimes they assume modern CDN setup.

In my case I just had to relax strict SRI until provider fixed their setup (was working on Dooflix side integrations too).

Have you verified the integrity hash matches the exact file version you’re loading?

CosmicVibes
Member

‎04-16-2026 10:40 AM

0 Kudos
Copyright © 2026 Khoros, LLC