Feature Idea - Security - Subresource Integrity

[rtpHarry]

Not something I am likely to get around to but it should be considered for integration in Orchard as Orchard has built in CDN support:

• https://www.tinfoilsecurity.com/blog/subresource-integrity
• https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Basically its a new feature that lets you generate a hash of the expected CDN contents and the browser will verify it before it loads it.

[sebastienros]

It's already in Orchard2's resource manager BTW.

[rtpHarry]

I was just looking around and noticed there was a taghelper already out for core:

• http://rehansaeed.com/subresource-integrity-taghelper-using-asp-net-core/

Linking to the article as it has some gotchas in it which could be useful for the o1 implementor.