With WordPress 5.4.2, in Firefox 78+ (and a few versions earlier), CommonWP produces a mangled URL for WordPress core style sheets on /wp-login.php:
The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css'%20integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php
The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/forms.min.css'%20integrity='sha384-lhiSdgN9OLKjBPHBIYNc7csFRPJPqbivOhWbjOz0mBJP35zTt0YCxM24Au1XGcsK'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php
The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-includes/css/buttons.min.css'%20integrity='sha384-z6xPsQva+EzntCABrR1YgFh5ccgnZmWVjuvqiHoSCNepCkYFwEQOgQcB7itJ+hNU'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php
The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/login.min.css'%20integrity='sha384-9BVAKbXTVeVOgWabhmO/eJ3F63twpLNx7PX2mTIUdaXfbSp9hAoRa6UoRl4zMHzX'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php
The resource from “https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-includes/css/dashicons.min.css'%20integrity='sha384-7C8ocYrcXKR1loNXUOAHzjPE8vNG8p3JYegoiFGi4iky0Z7lBk0PHtW4mBKFRMHq'%20crossorigin='anonymous” was blocked due to MIME type (“text/plain”) mismatch (X-Content-Type-Options: nosniff).
wp-login.php
Indeed, e.g. https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css'%20integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H'%20crossorigin='anonymous returns:
Package size exceeded the configured limit of 50 MB. Try https://github.com/wordpress/wordpress/tree/5.4.2/wp-admin/css/l10n.min.css' integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H' crossorigin='anonymous instead.
whereas https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css returns the proper style sheet.
Disabling CommonWP resoles the issue.
With WordPress 5.4.2, in Firefox 78+ (and a few versions earlier), CommonWP produces a mangled URL for WordPress core style sheets on
/wp-login.php:Indeed, e.g.
https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.css'%20integrity='sha384-dSLaYLAmhWaob0aBNNMoTPOKdwoUIlexxia38O4TRqijRM0Obc9A2uu5TxRP6r/H'%20crossorigin='anonymousreturns:whereas
https://cdn.jsdelivr.net/gh/wordpress/wordpress@5.4.2/wp-admin/css/l10n.min.cssreturns the proper style sheet.Disabling CommonWP resoles the issue.