Add SRI to CDN code snippets

Add SRI to CDN code snippets

CorralPeltzerCorralPeltzer Posts: 2Questions: 2Answers: 0

Subresource Integrity is a well known W3C recommendation to ensure external resources are not modified, and some public CDNs offer the links with SRI in them, like CDNJS or jsDelivr. It would be great that all code snippets in the CDN and the Download Builder added the integrity tag. It is also easy to automate the hash generation (openssl dgst -sha384 -binary filename.js | openssl base64 -A).

More info:
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
https://www.w3.org/TR/SRI/
https://en.wikipedia.org/wiki/Subresource_Integrity

This question has an accepted answers - jump to answer

Answers

  • allanallan Posts: 48,097Questions: 1Answers: 6,918 Site admin
    Answer ✓

    Completely agree. I've just not managed to get around to it yet. It is something that is on my radar and plan to add in future.

    Allan

  • melodiouscodemelodiouscode Posts: 2Questions: 0Answers: 0

    Any news on this?

  • allanallan Posts: 48,097Questions: 1Answers: 6,918 Site admin

    Not yet sorry. It is still on my list of things to do - its just a long list...

    Allan

  • melodiouscodemelodiouscode Posts: 2Questions: 0Answers: 0

    I know the feeling! Am I right in thinking that because you have versioned the endpoints I am safe adding SRI myself and you aren't going to change existing versions and break things!?

    Cheers

    James

  • allanallan Posts: 48,097Questions: 1Answers: 6,918 Site admin

    Spot on. Once a file is on the CDN is isn't going to change.

    Allan

Sign In or Register to comment.