Subresource integrity is a draft mechanism to let browsers verify the integrity of web resources.
Subresource Integrity is implemented in multiple browsers and tools to help you use it, such at the SRI Hash Generator are also available.
Questions tagged [subresource-integrity]
74 questions
2
votes
1 answer
TypeError: Cannot read property 'tap' of undefined when adding webpack-subresource-integrity
I'm trying to configure the webpack-subresource-integrity package on my config-overrides.js(react-app-rewired):
const { SubresourceIntegrityPlugin } = require('webpack-subresource-integrity');
module.exports = function override(config, env) {
…
Kevin Bryan
- 1,846
- 2
- 22
- 45
2
votes
0 answers
Is it possible to log client-side sub-resource integrity errors with javascript?
I am looking for a way to intercept the sub-resource integrity error messages that are generated when any integrity hash values are invalid. Is there any way to intercept these events using on-page JavaScript, or detect if a node has an invalid…
James W.
- 154
- 3
- 13
2
votes
1 answer
How to work with SRI hash and "onload" attribute
Following Google Lighthouse recommandations to get a faster response for my website, I'm using this trick to post-load fonts:
Doubidou
- 1,573
- 3
- 18
- 35
2
votes
2 answers
Edge17 - SEC7136 - The origin failed an integrity check for a resource
In a jekyll website, I added a plugin (http://flexslider.woothemes.com/), everything is working fine upto Edge16 & below browsers, however, in Edge17, I see the console message:
SEC7136: [Integrity] The origin '[insert url]' failed an integrity…
Kayote
- 14,579
- 25
- 85
- 144
2
votes
0 answers
Subresouce Integrity CORS breaking on Chrome
I have a js file in an s3 bucket, served by cloudfront, which is called through a cname.
request -> cname.fake.com -> cloudfront -> s3bucket
The tag generated has an integrity and cossorigin attribute and seems to work in all browsers but chrome…
jrabramson
- 105
- 1
- 8
2
votes
0 answers
Subresource Integrity Protection in Wordpress
I have getting subresource integrity error while scanning my website on https://observatory.mozilla.org/
I tried to use wp-sri plugin but its conflicting with other plugin, is there any other way to fix it.
Error test score screenshot:
Naveen Kumar
- 1,266
- 1
- 21
- 50
2
votes
1 answer
Subresource integrity for animate.css?
Google didn't turn up anything on the topic and there are some questions related to Subresource integrity on Stackoverflow but my question is: how do you generate this cryptographic hash for a CDN ? In my case it is the animate.css, but I…
carkod
- 1,844
- 19
- 32
2
votes
2 answers
srihash.org not working for .js file from cesiumjs.org
I have generated the following code using srihash.org for URL https://cesiumjs.org/releases/1.21/Build/Cesium/Cesium.js:
ValarDohaeris
- 6,064
- 5
- 31
- 43
2
votes
1 answer
Subresource Integrity Protection doesn't work in Chrome
I added integrity and crossorigin tags to my scripts according to Subresource Integrity, but now they give an error in the console saying
Script from origin 'http://pagead2.googlesyndication.com' has been blocked from loading by Cross-Origin…
Chloe
- 25,162
- 40
- 190
- 357
1
vote
1 answer
is nextjs 12 and 13 version supports the subresource integrity for CDN javascripts?
we have Nexjs 12 version in our application, I have searched about SRI implementation for Nextjs 12 version,then found this offical nextjs github link https://github.com/vercel/next.js/issues/1037. I have tried with SRI configuration as per…
Sarada
- 21
- 1
1
vote
0 answers
Sub-resource integrity breaks CSS
I have a very simple web page with some tables, with a very simple CSS file. When trying to add SRI, the CSS completely stops loading, despite the hash being provided. Here is the CSS :
table,
td,
th {
border: 1px solid black;
}
td,
th {
…
ice-wind
- 690
- 4
- 20
1
vote
0 answers
google reCaptcha integrity-check and CORS
I've successfully integrated google reCaptcha into my website.
It works OK. Now I', trying to make it more sucure.
Adding Content-Security-Policy to .htaccess also worked…
Dainiasas
- 21
- 3
1
vote
1 answer
Browser won't reload cached resources and fail SRI check
My websites use stylesheets and script ressources with the integrity attribute (also known as SRI, subresource integrity) and have cache policies currently ranging up to a couple of weeks in some cases, for example cache-control: max-age=1209600…
Num Lock
- 742
- 1
- 6
- 32
1
vote
2 answers
How can I include SRI hash in ScriptBundle for .NET MVC (4.7.2) application?
Currently my bundles are using local copies of common libraries.
bundles.Add(new ScriptBundle("~/bundles/bootstrap").Include(
"~/Scripts/bootstrap.js",
"~/Scripts/moment.min.js",
…
Mark Seymour
- 111
- 4
- 16
1
vote
0 answers
ApiPlatform - implement security authorization on subresource route
I'm using Symfony5 and ApiPlatform
I have a User entity and a Product entity.
I want to list all my user's products through a subressource, to do so I've implemented my user class as follow :
/**
* @ApiResource(
* attributes={
* …
baronbrn
- 89
- 12