jazzband / django-pipeline

Pipeline is an asset packaging library for Django.
https://django-pipeline.readthedocs.io/
MIT License

Build in support for Subresource Integrity #501

Open jensenbox opened 8 years ago

jensenbox commented 8 years ago

http://githubengineering.com/subresource-integrity/

Sounds like an easy enough thing to add.

joshowen commented 8 years ago

+1

cyberdelia commented 8 years ago

Not sure it's that easy, but a pull request is welcome!

skorokithakis commented 8 years ago

@cyberdelia I'd like to give this a shot, any pointers as to where I could start?

jezdez commented 8 years ago

@pmclanahan and I are interested in that as well after talking to @fmarier a bit (spec coauthor).

pmclanahan commented 8 years ago

+1 I looked at this a bit but was pulled away by work. It shouldn't be too bad, but the code in this area is a bit confusing, and there is a decision to make about where and how to store the hash since it's not the same as the one from Django.

skorokithakis commented 8 years ago

What do you mean by that? Which hash does Django use, and where? Also, couldn't this hash be put in the manifest?

pmclanahan commented 8 years ago

I mean it depends on you using ManifestFilesMixin or CachedFilesMixin, but you don't have to use those, and those use sha1 anyway, which isn't supported by the spec. I guess you're right, though, that we'd have to require the use of a manifest to support this feature.

skorokithakis commented 8 years ago

Why not change the hashing algorithm? Does anyone rely on it?

pmclanahan commented 8 years ago

Could override it here probably, but that'd be a change to Django, and for the use in Django staticfiles app it really doesn't need any more than sha1. It might land if someone did it though.
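To make the hash discussion above concrete, here is an added Python example; it is not django-pipeline code and not from any commenter in this thread. It computes the `integrity` token the SRI spec expects, keeps it in a hypothetical manifest dict next to the asset path (the "store it in the manifest" idea from the thread), renders the tag, and verifies a fetched copy the way a browser would. The spec only accepts sha256, sha384 and sha512, which is why a sha1 digest from the Django storage mixins cannot simply be reused. The function names (`build_manifest`, `script_tag`, `verify`) and the sample asset contents are assumptions made for this example.

```python
import base64
import hashlib
import hmac
from html import escape

# Digest algorithms the SRI spec permits. sha1 and md5 are deliberately absent,
# so a digest produced by Django's ManifestFilesMixin cannot be used as-is.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def is_sri_algorithm(name: str) -> bool:
    """True only for the hash functions the SRI spec allows."""
    return name in SRI_ALGORITHMS


def sri_integrity(data: bytes, algorithm: str = "sha384") -> str:
    """Return an integrity token of the form '<alg>-<base64 digest>'."""
    if not is_sri_algorithm(algorithm):
        raise ValueError(f"{algorithm!r} is not an SRI hash; use one of {SRI_ALGORITHMS}")
    digest = hashlib.new(algorithm, data).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def build_manifest(assets: dict, algorithm: str = "sha384") -> dict:
    """Hypothetical manifest: asset path -> {'integrity': token}.

    A real integration would write this next to (or into) the existing
    staticfiles manifest at collectstatic time; here it is just a dict.
    """
    return {path: {"integrity": sri_integrity(content, algorithm)}
            for path, content in assets.items()}


def script_tag(src: str, integrity: str) -> str:
    """Render a <script> tag carrying the integrity token.

    crossorigin="anonymous" is required for SRI checks on cross-origin URLs
    (e.g. a CDN); without it the browser cannot verify the hash.
    """
    return (f'<script src="{escape(src, quote=True)}" '
            f'integrity="{escape(integrity, quote=True)}" '
            f'crossorigin="anonymous"></script>')


def verify(data: bytes, integrity: str) -> bool:
    """Recompute the token for received bytes and compare, as a browser does.

    Tokens using an algorithm outside the spec are rejected rather than
    silently accepted.
    """
    algorithm, _, _ = integrity.partition("-")
    if not is_sri_algorithm(algorithm):
        return False
    return hmac.compare_digest(sri_integrity(data, algorithm), integrity)


if __name__ == "__main__":
    # Constructed sample assets standing in for collected static files.
    assets = {
        "js/app.js": b"console.log('app loaded');\n",
        "css/site.css": b"body { margin: 0; }\n",
    }
    manifest = build_manifest(assets)
    token = manifest["js/app.js"]["integrity"]
    print(script_tag("https://cdn.example.com/static/js/app.js", token))
    print("original verifies:", verify(assets["js/app.js"], token))
    print("tampered verifies:", verify(b"console.log('evil');\n", token))
```

Running the module prints the rendered tag and shows the token matching the original bytes but not a modified copy. The manifest lookup is the piece a template tag would perform at render time so that the `integrity` attribute always matches the file that `collectstatic` actually produced.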

eoinof commented 7 years ago

I want to implement this for our project. Has anyone done any work they want to share already, or can I just launch in?