How to resolve this?
1 Answer, 1 is accepted
Hello Sachith,
Thank you for the details provided.
The Kendo UI for ASP.NET MVC library does not provide a built-in way to add a Subresource Integrity (SRI) attribute for scripts like pdf.worker.mjs that are loaded internally by kendo.all.min.js from the CDN. This is a limitation because the resource is loaded dynamically and the SRI attribute cannot be set.
To address this, you can host pdf.worker.mjs locally within your application and configure Kendo UI to load it from your server instead of the CDN. This way, you have full control over the file and can ensure its integrity. Here’s how you can do it:
Download pdf.worker.mjs from the CDN and place it in your project, for example under
/Scripts/pdf.worker.mjs.Configure Kendo UI to use the local worker file. If you are using the PDF export feature, set the worker URL as follows:
kendo.pdf.defineWorker('/Scripts/pdf.worker.mjs');Ensure your application serves this file securely and, if needed, you can further control its integrity by managing your deployment process.
I hope this information helps.
Kind Regards,
Anton Mironov
Progress Telerik
Love the Telerik and Kendo UI products and believe more people should try them? Invite a fellow developer to become a Progress customer and each of you can get a $50 Amazon gift voucher.