Subresource integrity support?

[folz]

Is there support for subresource integrity when generating script/link tags? If not, would you be ok with a PR to add support for this?

[mheppner]

Could this be implemented directly with django-webpack-loader, or would you have to integrate it with something like webpack-subresource-integrity?

[yourcelf]

django-webpack-loader could implement this directly by computing the hash of a file when it first loads new stats from webpack-bundle-tracker. It would probably be easier to compute the hash in python rather than relying on another webpack plugin -- webpack-subresource-integrity would require storing and watching yet another json file to get the results of the hash out. The hash result could be cached alongside the filenames, so it wouldn't be a performance drag.

[owais]

I think it's better the support is added to webpack-bundle-tracker or somehow is integrated with a webpack plugin because on Django's side we'll need ability to read bundles (from network), hash them, cache the results, etc. There are plugin that already do this on webpack's side. Being able to leverage existing webpack ecosystem instead of writing python code for every new feature was the biggest motivation behind this project.

If anyone wants to contribute this, let's talk over at https://github.com/owais/webpack-bundle-tracker repo.

[fjsj]

Closed via django-webpack/webpack-bundle-tracker#59

[fjsj]

Related: #315