Make SRI default #279
I feel the best way to implement this would be to make the "Copy" button default to "Copy Link/Script Tag with SRI" for all JS/CSS assets.
Additionally, if a user uses the "Copy Link/Script Tag" button that doesn't make use of SRI, show a modal explaining the benefits of using SRI.
@PeterDaveHello I'll leave the change in sha level to you :)
With the modal, I think it could be something that could use a cookie or similar so that it only needs to show once, simply educating users who may not be aware of the benefits to security of using SRI.
However, if we make the SRI copy default and "fade" the non-SRI copy options, this may on its own encourage more users to use SRI.