Can't use integrity script attribute

Hello

I am trying to build a Zendesk app and followed the steps in this guide:

https://developer.zendesk.com/documentation/apps/getting-started/using-zcli/

The `iframe.html` file includes a script tag. As a security measure, I'm required by my company to add an integrity attribute to this script tag with a hash to verify the script has not been manipulated.

<scripttype="text/javascript"src="https://assets.zendesk.com/apps/sdk/2.0/zaf_sdk.js"

integrity="sha256-WHVWWMLV1MeI0XWqHvUm6vA8imQw6GsC/2dB6Cwx0OE="crossorigin="anonymous"></script>

However, doing this introduces CORS errors when I run the app locally. I didn't try it yet, but I assume the same will happen if I deploy it.

Access to script at 'https://assets.zendesk.com/apps/sdk/2.0/zaf_sdk.js' from origin 'http://localhost:4567' has been blocked by CORS policy: No 'Access-Control-Allow-Origin' header is present on the requested resource.

To fix this, I believe the server hosting the script should include the `Access-Control-Allow-Origin` header.

Is there a way to fix this or am I unable to use the integrity attribute?

Thank you