webpack-subresource-integrity overwrites integrity values on explicitly set externals
See original GitHub issueI’m using webpack-subresource-integrity to set integrity hashs on local resources. This works fine. At the same time I’m defining externals (including integrity hash) manually with html-webpack-externals-plugin like this:
new HtmlWebpackExternalsPlugin({
externals: [
{
module: 'jquery',
entry: {
path: 'https://code.jquery.com/jquery-3.2.1.js',
attributes: {
integrity: 'sha256-DZAnKJ/6XZ9si04Hgrsxu/8s717jcIzLy3oi35EouyE=',
crossorigin: 'anonymous',
},
},
global: 'jQuery',
},
],
})
However, the integrity attribute get’s overwritten by webpack-subresource-integrity with null, resulitng in this:
<script type="text/javascript" src="https://code.jquery.com/jquery-3.2.1.js" integrity="null" crossorigin="anonymous"></script>
Is there anyway to prevent this unwanted behavior?
Issue Analytics
- State:
- Created 5 years ago
- Comments:10
Top Results From Across the Web
webpack-subresource-integrity - npm
Webpack plugin for enabling Subresource Integrity. Latest version: 5.1.0, last published: a year ago.
Read more >webpack class extends value undefined is not a constructor or ...
When I add the following to my webpack.config.js: const { SubresourceIntegrityPlugin } = require('webpack-subresource-integrity');. I get the following stack ...
Read more >html-webpack-plugin - Awesome JS
This is a webpack plugin that simplifies creation of HTML files to serve your webpack bundles. This is especially useful for webpack bundles...
Read more >Frequently Asked Questions - single-spa
#What does single-spa do? single-spa is a top level router. When a route is active, it downloads and executes the code for that...
Read more >Releases — Bokeh 2.3.1 Documentation
Sub-Resource Integrity Hashes. Table of SRI Hashes for version 2.3. ... In this case, a user is required to set a property value....
Read more >Top Related Medium Post
No results found
Top Related StackOverflow Question
No results found
Troubleshoot Live Code
Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start FreeTop Related Reddit Thread
No results found
Top Related Hackernoon Post
No results found
Top Related Tweet
No results found
Top Related Dev.to Post
No results found
Top Related Hashnode Post
No results found
Top GitHub Comments
Hey @jscheid ! Thanks for the fix, solves the issue for me.
Now explicitly set integrity attributes on external assets don’t get overwritten. However, if one decides to purposefully omit the integrity attribute on an external asset,
integrity="null"
will still be added to the script tag, rendering the script useless. Is there a rationale behind this?Fix released in 1.3.1.