Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Ability to provide glob/regex pattern for modules to *exclude* from integrity calculation and enforcement #232

Open
callpraths opened this issue May 17, 2024 · 0 comments
Open

Ability to provide glob/regex pattern for modules to *exclude* from integrity calculation and enforcement #232

callpraths opened this issue May 17, 2024 · 0 comments

Comments

@callpraths
Copy link

callpraths commented May 17, 2024
edited

Hi,

Would there be any interest in supporting a way to exclude imports to specific modules from integrity hash calculation and enforcement?

Something like:

new SubresourceIntegrityPlugin({ 
  hashFuncNames: ["sha256", "sha384"],
  excludeImports: ["@inhouse-module-federated/*", "@inhouse/gigantic-veeeery-trustworthy-package-i-know-what-i-am-doing-please"]
}),

would exclude all imports starting with @inhouse-module-federated/ prefix (perhaps because it's a module federated package and we have a different way of enforcing SRI for those) and also @inhouse/gigantic-veeeery-trustworthy-package-i-know-what-i-am-doing-please (perhaps because computing the hash really slows build down and wise or not, the app owner can make the decision to exclude it).

This is related to #176. But I believe that this proposal is a better alternative: we avoid adding hidden features within webpack-subresource-integrity that take a dependency on implementation detail of webpack-module-federation.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@callpraths