Subresource Integrity (SRI) | ww.wp.xz.cn

Resolved bulls_shark
(@bulls_shark)

6 years, 9 months ago

Hello I would like to insert the following:

Subresource Integrity (SRI)
https://cdn.onesignal.com
https://connect.facebook.net

How do I do that and is this important?

Thanks for the support!

Viewing 2 replies - 1 through 2 (of 2 total)

Plugin Author Dimitar Ivanov
(@zinoui)

6 years, 9 months ago

Hi @bulls_shark

To use Subresource Integrity (SRI) you have to do the following:

1. Add an integrity attribute to your <script> elements, for example:

<script src="https://example.com/example-framework.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous"></script>

2. Go to Security/Content-Security-Policy page and check the following:

require-sri-for script

The above settings will force the browser to send the following response header:

Content-Security-Policy: require-sri-for script;

3. Go to “Access Control”/Access-Control-Allow-Origin page and choose the wildcard “*” value. This step is required only if you intend to use SRI for resources with origins that differs than your origin.

That’s all.

Thread Starter bulls_shark
(@bulls_shark)

6 years, 9 months ago

Hello, thanks for your support

Viewing 2 replies - 1 through 2 (of 2 total)

The topic ‘Subresource Integrity (SRI)’ is closed to new replies.

Tags

2 replies
2 participants
Last reply from: bulls_shark
Last activity: 6 years, 9 months ago
Status: resolved