
Subresource Integrity

Article snapshot taken from [REDACTED] with Creative Commons Attribution-ShareAlike license.

Subresource Integrity or SRI is a W3C recommendation that provides a method to protect website delivery. Specifically, it validates assets served by a third party, such as a content delivery network (CDN). This ensures these assets have not been compromised for hostile purposes.

To use SRI, a website author wishing to include a resource from a third party can specify a cryptographic hash of the resource in addition to the location of the resource. Browsers fetching the resource can then compare the hash provided by the website author with the hash computed from the resource. If the hashes don't match, the resource is discarded.

A sample script element with the integrity and crossorigin attributes used by SRI:

<script src="https://cdn.example.com/app.js"
         integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB"
         crossorigin="anonymous"></script>
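
The hash generation and comparison described above, as an added Node.js example that is not part of the original article; `sriHash`, `parseIntegrity`, `verifyIntegrity` and the sample bytes are names and data constructed here. It goes beyond the single-hash case by following the W3C rule that only the strongest listed algorithm is checked, and it shows that an attribute with no recognized hash enforces nothing.

```javascript
// Added example: SRI generation and a simplified form of the browser-side check.
const crypto = require("node:crypto");

// Hash functions SRI defines, weakest to strongest.
const ALGORITHMS = ["sha256", "sha384", "sha512"];

// Build the value for the integrity attribute: "<alg>-<base64 digest>".
function sriHash(body, alg = "sha384") {
  if (!ALGORITHMS.includes(alg)) throw new Error(`unsupported algorithm: ${alg}`);
  return `${alg}-${crypto.createHash(alg).update(body).digest("base64")}`;
}

// Parse an integrity attribute into {alg, digest} entries, skipping unknown tokens.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).filter(Boolean).map((token) => {
    const [expr] = token.split("?"); // options after "?" are ignored
    const dash = expr.indexOf("-");
    return { alg: expr.slice(0, dash), digest: expr.slice(dash + 1) };
  }).filter((m) => ALGORITHMS.includes(m.alg) && m.digest.length > 0);
}

// Return true if the fetched bytes may be used, false if they must be discarded.
function verifyIntegrity(body, attr) {
  const metadata = parseIntegrity(attr);
  // No usable hash (empty, or only unknown algorithms): nothing is enforced.
  if (metadata.length === 0) return true;
  // Only the strongest listed algorithm counts; any of its digests may match.
  const strongest = metadata.reduce((a, b) =>
    ALGORITHMS.indexOf(b.alg) > ALGORITHMS.indexOf(a.alg) ? b : a).alg;
  const actual = crypto.createHash(strongest).update(body).digest("base64");
  return metadata.some((m) => m.alg === strongest && m.digest === actual);
}

// Constructed sample resource and a modified copy of it.
const original = Buffer.from("console.log('app');\n");
const tampered = Buffer.from("console.log('app');injected();\n");
```

Because a typo in the algorithm name leaves the resource unchecked rather than blocked, generate the attribute with tooling and confirm in a test that a modified copy is rejected.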
