bestguy / sveltestrap

Bootstrap 4 & 5 components for Svelte
https://sveltestrap.js.org
MIT License

Subresource Integrity Support #455

Open jacopotediosi opened 2 years ago

jacopotediosi commented 2 years ago

Hi,

Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation.

It is important to bear in mind that some apps may require the use of SRI for compliance reasons, as is happening in my case.

I think it would be useful if stylesheets imported via Styles (import { Styles } from 'sveltestrap';) natively support CSP, setting the integrity attribute for each added <link> tag.

demetrius-mp commented 2 years ago

Only the integrity attribute is required for this? Isn't the crossorigin="anonymous" required as well? Also, I couldn't find the hash for bootstrap icons.

jacopotediosi commented 2 years ago

> Only the integrity attribute is required for this? Isn't the crossorigin="anonymous" required as well? Also, I couldn't find the hash for bootstrap icons.

Whoops, you are right. The crossorigin="anonymous" is mandatory with SRI.

About the missing hash: openssl dgst -sha384 -binary FILE | openssl base64 -A