Provide Sub-resource Integrity

[eddietejeda]

User Story

Background (Optional)

Our security scans alert that assets are missing "Subresource Integrity" More info: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Can Federalist handle this for our users?

Acceptance Criteria

• [ ] investigate whether DAP supports this ... other scripts are supported in template
• [ ] add best practices info to the federalist documentation
• [ ] Change made live via deploy of templates

After evaluating, edit this part:

Level of effort - Low

Implementation outline (if higher than "low" effort):

• [ ]

[amirbey]

@eddietejeda to discuss w/ team the vision on why this is necessary

@davemcorwin - while this is could be a best practice, requiring this could impact usability for our users

[davemcorwin]

@eddietejeda This is something that is specific to js resources loaded via script tags. The best we can do here is update any templates with script tags to include the integrity attribute. If so, we can create issues in the template repos to add them.