Raven.js Documentation Should Adopt Subresource Integrity (SRI)
According to MDN, “Subresource Integrity (SRI) is a security feature that enables browsers to verify that files they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match.”
I believe that automatically generating and adding SRI hashes to the documentation would provide a real benefit to Sentry.io users. For example, in JavaScript/Installation, one would change:
<script src="https://cdn.ravenjs.com/3.15.0/raven.min.js"></script>
to
<script src="https://cdn.ravenjs.com/3.15.0/raven.min.js" integrity="sha384-emluOS7+UrA6MIOAWxw8L52iFpZNh7+i1kKBfkofwZJn/s66JpKS9gR1ZMOwiayX" crossorigin="anonymous"></script>
If other users wish to adopt this quickly, I generated the integrity hash via SRI Hash Generator and verified via MDN: Tools for generating SRI hashes. Now, figuring out how to automatically generate and insert it into the documentation would be up to you.
Issue Analytics
- State:
- Created 6 years ago
- Reactions: 2
- Comments: 9 (5 by maintainers)
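One way to automate what the issue asks for, as an added example that is not code from the issue or from Sentry's documentation build: compute the integrity value from the released bytes, check it the way a browser would, and stamp it onto `<script>` tags. The `readFile` callback, the sample bytes and the placeholder URL are assumptions made for illustration.

```javascript
// Added example, not from the issue or the Sentry docs build.
const crypto = require('crypto');

const STRENGTH = ['sha256', 'sha384', 'sha512']; // SRI algorithms, weakest first

// Integrity value for a file: "<algo>-<base64 digest of the exact bytes served>".
function sriHash(bytes, algo = 'sha384') {
  if (!STRENGTH.includes(algo)) throw new Error(`unsupported SRI algorithm: ${algo}`);
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Mirror the browser's check: only entries using the strongest listed
// algorithm count, and any one of them may match.
function verifySri(bytes, integrity) {
  const known = integrity.trim().split(/\s+/)
    .map((entry) => entry.split('?')[0]) // drop optional "?options"
    .filter((entry) => STRENGTH.includes(entry.split('-')[0]));
  // No recognised hash means the browser loads the file unchecked.
  if (known.length === 0) return true;
  const best = Math.max(...known.map((e) => STRENGTH.indexOf(e.split('-')[0])));
  return known.includes(sriHash(bytes, STRENGTH[best]));
}

// Add integrity and crossorigin to each <script src="..."> that has no
// integrity attribute. readFile(url) is a hypothetical callback that
// returns the bytes of the released file behind that URL.
function addIntegrity(html, readFile) {
  const tagRe = /<script\b([^>]*?)\bsrc="([^"]+)"([^>]*)>/g;
  return html.replace(tagRe, (tag, pre, src, post) => {
    if (/\bintegrity=/.test(tag)) return tag; // already pinned
    const attrs = `integrity="${sriHash(readFile(src))}" crossorigin="anonymous"`;
    return `<script${pre}src="${src}" ${attrs}${post}>`;
  });
}

// Constructed sample: stand-in bytes and a placeholder URL, not a real release.
const SAMPLE_JS = Buffer.from('window.Example = {};\n');
const SAMPLE_DOC = '<script src="https://cdn.example.invalid/1.0.0/lib.min.js"></script>';

console.log(addIntegrity(SAMPLE_DOC, () => SAMPLE_JS));
```

The hash must be computed over the exact bytes the CDN serves for that version, so it belongs in the release step that publishes the file; any later change to the file at the same URL makes the browser refuse to run it.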
Top GitHub Comments
@SirRawlins starting version 5.5.0, our browser SDK hosted on CDN has integrity checksums included - https://docs.sentry.io/platforms/javascript/ 😃
Afternoon Folks 👋
Was any progress on this ever made? We’ve just been through a security audit and the lack of SRI on the sentry/raven script got flagged, only minor, but would be nice to cover it off.