Subresource integrity is a draft mechanism to let browsers verify the integrity of web resources.
Subresource Integrity is implemented in multiple browsers and tools to help you use it, such at the SRI Hash Generator are also available.
Questions tagged [subresource-integrity]
74 questions
429
votes
3 answers
What are the integrity and crossorigin attributes?
Bootstrapcdn recently changed their links. It now looks like this:
New user
- 4,299
- 3
- 11
- 4
26
votes
2 answers
How to solve “resource requires the request to be CORS enabled… resource has been blocked because the integrity cannot be enforced” error
I am using bootstrap icons in my project which gives me error
Subresource Integrity: The resource
'http://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/css/bootstrap.min.css'
has an integrity attribute, but the resource requires the request to
be…
Nikhil Thombare
- 1,058
- 2
- 11
- 26
18
votes
1 answer
18
votes
2 answers
Specifying the hash of a script from an untrusted host
Is there any implementation or specification for including a hash or signature in an attribute of a
mark vanzuela
- 1,373
- 4
- 23
- 37
13
votes
2 answers
Subresource integrity for images and other media?
Subresource integrity seems to be an awesome stopgap allowing to use third-party controlled HTTP-served resources in a secure way.
However the spec considers HTMLLinkElement and HTMLScriptElement interfaces only:
NOTE
A future revision of this…
minj
- 2,080
- 12
- 10
11
votes
1 answer
Google Chrome SRI hash
Has anyone came across this problem with Google Chrome and SRI Hash, it keeps throwing the same error in the console window:
Failed to find a valid digest in the 'integrity' attribute for
resource…
George Phillipson
- 830
- 11
- 39
10
votes
0 answers
Google Analytics and Subresource Integrity
I have Subresource Integrity (SRI) enabled in the Content Security Policy (CSP) headers.
How can I integrate google analytics? Using a hash for their script will probably break within a few days when google updates their analytics-javascript.
Any…
user2033412
- 1,950
- 2
- 27
- 47
10
votes
1 answer
What is the best SRI hash size?
I recently discovered the following nifty little site for generating SubResource Integrity (SRI) Tags for externally loaded resources. For example, enterring the latest jQuery URL (https://code.jquery.com/jquery-3.3.1.min.js), one gets the…
Rabadash8820
- 2,328
- 3
- 27
- 49
9
votes
1 answer
Do web browsers cache resources with Subresource Integrity (SRI) differently?
I would think that specifying Subresource Integrity hash on a resource should allow web browsers to cache much more aggresively, and basically always reuse the local copy of the resource.
Is stronger caching for SRI resources implemented (or at…
akavel
- 4,789
- 1
- 35
- 66
9
votes
1 answer
Subresource Integrity With Angular-Cli
I was wondering if anyone knew of a possible way to activate Subresource Integrety with Angular-Cli. According to the following link: GitHub Pull Request It would be a feature (or a future feature). I was hoping to activate it but it does not seem…
Alex L
- 119
- 1
- 11
9
votes
1 answer
Subresource Integrity in angularJS App which uses Require JS
I have an angular application with below index.html file
Consider in my index.html page I have the following code for SRI (SubResource Integrity)
riyas nawab
- 101
- 1
- 6
8
votes
1 answer
Subresource Integrity on CSS-included fonts over CDN (e.g. font-awesome)
How would one employ SRI for resources included by a .css file included over a CDN.
For example, if you include this in your HTML:
Brian M. Hunt
- 81,008
- 74
- 230
- 343
8
votes
3 answers
Handling load error within subresource integrity check
I'm implementing subresource integrity checks. I'd like to implement a fallback such that 1) the browsers loads from my CDN, performs the integrity check and carries on or 2) in the event of failing the integrity check, an embedded script launches…
user3797714
- 97
- 1
- 5