Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Show example with sub-resource integrity

See original GitHub issue

Summary

The README file here shows this example:

<script src="https://js.stripe.com/v3" async></script>

That approach is not best practice. Instead, please use an example that includes sub-resource integrity.

Issue Analytics

State:
Created 2 years ago
Reactions:1
Comments:6

Top GitHub Comments

6reactions

fulldecentcommented, Apr 16, 2021

So basically, don’t publish version update notes and integrity hashes for https://js.stripe.com/v3 because… San Francisco

1reaction

fulldecentcommented, Apr 15, 2021

This is a live security concern with the current product

Top Results From Across the Web

Subresource Integrity - Web security | MDN

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are ...

Securing Your Website With Subresource Integrity - CSS-Tricks

Solution: Subresource Integrity (SRI). SRI is a security policy that prevents the loading of resources that don't match an expected hash.

Subresource Integrity - W3C

Abstract. This specification defines a mechanism by which user agents may verify that a fetched resource has been delivered without unexpected ...

Subresource Integrity Sample - GitHub Pages

Subresource integrity defines a mechanism by which a browser can verify that a fetched resource has been delivered without unexpected manipulation. Metadata ...

Demo - Sub Resource Integrity - YouTube

Sub Resource Integrity is used to help verify external scripts added to an application. This demo walks through how to set it up....