Subresource integrity is a draft mechanism to let browsers verify the integrity of web resources.
Subresource Integrity is implemented in multiple browsers and tools to help you use it, such at the SRI Hash Generator are also available.
Questions tagged [subresource-integrity]
74 questions
6
votes
0 answers
Implement subresouce integrity (SRI) for analytics.js (google-analytics) Mozilla Obersvatory
Background
I have a site which uses Google analytics, like
and use Mozilla Observatory to test it for security flaws.
Problem
I have the following problem from Mozilla…
greenlamponatable
- 128
- 1
- 13
6
votes
2 answers
Subresource Integrity: How to show only warning but not block resource?
I would like to make a soft integration for Subresource Integrity attributes, so be sure that I did not break the application, but only to show a warning that I need to fix some places.
Is there an option to do so?
Stepan Suvorov
- 25,118
- 26
- 108
- 176
5
votes
2 answers
Is there a flag to disable subresource integrity checking in chromium?
We're using puppeteer and sometimes playwright to run some integration tests. We mock some of the target page's script dependencies, which causes subresource integrity hash mismatches.
Failed to find a valid digest in the 'integrity' attribute for…
Jeremy Danyow
- 26,470
- 12
- 87
- 133
5
votes
0 answers
Possible reasons for different SRI results in different browsers?
A client would like to use SRI on all CSS and JS assets on their website, but they ran into a very strange issue with Firefox. Their server is an apache2 instance, serving HTML content. CORS is enabled for the whole virtual host, for any (*) origin.…
turbo
- 1,233
- 14
- 36
5
votes
2 answers
Subresource Integrity and performance
I'm reading about Subresource Integrity but I'm worried about the performance loss. How does this (having to hash every file before executing it) slow down the page load, especially on devices with low level CPUs?
the_nuts
- 5,634
- 1
- 36
- 68
4
votes
0 answers
Google Analytics sha384 integrity hash not working
I have a google analytics script in my jekyll app that suddenly stopped capturing visitor information. I have determined that the hash has deprecated and have included the following error messages that I have: