Stuck on an issue?
Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.
And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.
add SRI hashed script tag examples to packages docs page
See original GitHub issuePerhaps under CDN url: have…
Script tag:
<script src="https://unpkg.com/@esri/arcgis-rest-request@1.9.0/dist/umd/request.umd.js" integrity="sha384-Iutv/c8BA+49hi5Y9oNmHeFbrxWU62LKbyb2YV/OK3PwGP2e4XFIq//lFTWDXryO" crossorigin="anonymous"></script>
I’m sure there’s a way to automate it.
Just a thought.
Issue Analytics
- State:
- Created 5 years ago
- Reactions:2
- Comments:7 (7 by maintainers)
Top Results From Across the Web
Subresource Integrity - Web security | MDN
Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are ...
Read more >Subresource Integrity Hash Generator #507 - veler/DevToys
Solution/Idea. Implement a new generator for Subresource Integrity. Given an HTTPS URL, read the content and generate the hash of the content.
Read more >Use subresource integrity
Require scripts and link elements to use Subresource Integrity. ... This hint checks that a website correctly uses SRI, more specifically:.
Read more >Locking Down Your Website Scripts with CSP, Hashes ...
Can my package create its own CSP header with a nonce and will the browser merge the headers and allow several nonces as...
Read more >Use Tag Manager with a Content Security Policy
Tag Manager will then propagate the nonce to any scripts that it adds to the page. There are other approaches to enabling the...
Read more >
Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free
Top Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
anything that generates a ready to use script tag with an integrity hash would be fine by me.
happy to discuss further in a PR.
Here’s where I got to @jgravois.
https://github.com/COV-GIS/arcgis-rest-js/commit/579636bafebff4f2b352c70863dc5331d5650d5e
If there’s some direction or ideas I’m open to them.
I can also submit a PR with just the script tag for now as well.