Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SHA256 Subresource Integrity of dependencies #8

Open
aardbol opened this issue Jun 8, 2019 · 0 comments

Comments

@aardbol
Copy link
Owner

commented Jun 8, 2019

By viewing the source code, it should be immediately clear that the JavaScript/CSS dependencies have not been modified since the user's last visit, to allow for more transparency of changes to the code. We can improve this by adding the Subresource Integrity sha256 hashes to the script and stylesheet elements.

Every time a dependency is upgraded, the hash will be updated and added to this issue for transparency.

Current hashes:

jquery-3.4.1.js
sha256-WpOohJOqMqqyKL9FccASB9O0KwACQJpFTUBLTYOVvVU=

semantic-2.7.5.js
sha256-/fbdRVqLH/oOOtOg/Eb0A1ttDWTJn6L6yxhO2HC/+yg=

xxtea.js
sha256-FeTvtpHz0E1sewBokHlUBIwlYAx0yA7f9m+KVHvEJCY=

semantic-2.7.5.css
sha256-3a0+mzIiHF2Wt5DvkjjoX0+M9otO3KTaMaqhaSwVZXg=

custom.css
sha256-kh6gVNFTId2fxJriixeeDfo5X8rK0ZW9i81infWYch8=

@aardbol aardbol pinned this issue Jun 8, 2019

aardbol added a commit that referenced this issue Jun 30, 2019

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
1 participant
You can’t perform that action at this time.