Open stimmsoa opened 3 years ago
This webpack plugin seems like it might do the trick: https://www.npmjs.com/package/webpack-subresource-integrity - however note the caveat about preloading. We have been investigating preloading as a mechanism of making the standard iframe button load faster.
Hi, in addition to my other security ticket related to this repos, could we also request you add an integrity check similar to:
With the scripts being loaded in an iframe and then fetched by the browser, the integrity check would give another layer of security that the script has not been tampered with (even though it does come from the seamlessaccess domain)
Many thanks