[2021.09.20] Web页面子资源完整性校验详细指南

[chucklu]

It would be better if you can add the fallback section for sri check.

https://stackoverflow.com/questions/40408636/handling-load-error-within-subresource-integrity-check https://github.com/JackuB/subresource-integrity-fallback/ https://github.com/cyph/sri-fallback

asp-fallback-test https://docs.microsoft.com/en-us/aspnet/core/mvc/views/tag-helpers/built-in/script-tag-helper?view=aspnetcore-5.0

[chucklu]

There is another interesting thing about sri when you checkout js files with git. https://stackoverflow.com/questions/3206843/how-line-ending-conversions-work-with-git-core-autocrlf-between-different-operat

You will need to configure .gitattributes to make sure the js files are correctly checked out. It's for fallback purpose, when fallback you might use the js file from local instead of the cdn. https://github.com/dotnet/aspnetcore/pull/36115/files https://github.com/dotnet/aspnetcore/pull/20537/files

[dreamapplehappy]

It would be better if you can add the fallback section for sri check.

https://stackoverflow.com/questions/40408636/handling-load-error-within-subresource-integrity-check https://github.com/JackuB/subresource-integrity-fallback/ https://github.com/cyph/sri-fallback

asp-fallback-test https://docs.microsoft.com/en-us/aspnet/core/mvc/views/tag-helpers/built-in/script-tag-helper?view=aspnetcore-5.0

@chucklu 谢谢建议，关于fallback这部分我这篇文章中没有提及，之前也研究了一下；后续如果时间允许的话我会把相关的内容再跟大家分享一下。

[dreamapplehappy]

There is another interesting thing about sri when you checkout js files with git. https://stackoverflow.com/questions/3206843/how-line-ending-conversions-work-with-git-core-autocrlf-between-different-operat

You will need to configure .gitattributes to make sure the js files are correctly checked out. It's for fallback purpose, when fallback you might use the js file from local instead of the cdn. https://github.com/dotnet/aspnetcore/pull/36115/files https://github.com/dotnet/aspnetcore/pull/20537/files

@chucklu 关于这部分我还没有研究过，后面可以研究一下，谢谢分享。