SRI for external resources

As of Sitevision 2022.08.1 it will be possible to add SRI checks to external resources.

Subresource integrity for external resources

In Sitevision 2022.08.1 there is an option to add SRI checks to external CSS and Javascript resources.

When you create your external CSS or Javascript addon (typically in i Template) you can now add the integrity checksum and select the crossorigin value.

Screenshot showing the settings for SRI in javascript addons.

Sitevision will add the integrity checksum and the crossorigin to the page source code (if the source is external).

Example html output:

<!-- HTML -->
<script src="https://myfavoritecdn.com/myexternallibrary-min.js"
        integrity="sha256-u7e5khyithlIdTpu22PHhENmPcRdFiHRjhAuHcs05RI="
        crossorigin="anonymous">
</script>

Checksum integrity matters

The client browser will calculate a checksum of the downloaded resource and compare it to the value of the integrity attribute. If the checksums doesn't match, the browser will reject and completely ignore the resource. I.e. the script/CSS will not be applied at all by the browser (page will typically look unexpected and/or lack expected functionality).

Do you want to subscribe to News from Sitevision Developer team? Subscribe here!