Subresource Integrity Tags

[grempe]

I have found this plugin via the webpack setup from https://github.com/vuejs/vue-cli so I apologize for not being too familiar with it yet.

Would it be appropriate for this plugin to generate and insert into the HTML subresource integrity tags? This would offer big security benefits for the loaded assets.

e.g.

<script src="https://maxcdn.bootstrapcdn.com/bootstrap/3.3.6/js/bootstrap.min.js" integrity="sha384-0mSbJDEHialfmuBBQP6A4Qrprq5OVfW37PRR3j5ELqxss1yVqOtnepnHVP9aJ7xS" crossorigin="anonymous"></script>

See:

https://www.w3.org/TR/SRI/
https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
https://www.maxcdn.com/one/visual-glossary/subresource-integrity/
https://sritest.io/

[jantimon]

This is already build in :)

Just add https://www.npmjs.com/package/webpack-subresource-integrity and without any configuration you get sri

please let me know if it worked for you

[grempe]

Excellent. I'll give it a try.

[lock]

This issue has been automatically locked since there has not been any recent activity after it was closed. Please open a new issue for related bugs.