kindspells / astro-shield

Astro integration to enhance your website's security with SubResource Integrity hashes, Content-Security-Policy headers, and other techniques.
https://astro-shield.kindspells.dev
MIT License
57 stars 6 forks

Add option in SSG for outputting SRI hashes as JSON #67

Open Bwc9876 opened 7 months ago

Bwc9876 commented 7 months ago

Hey there, this project seems super handy!

One thing is that in an SSR context where the Astro output is being used by a framework written in another language (Django, Flask, Rocket, etc.), it may be handy to have an option to output SRI hashes of a statically generated site to JSON instead of a JS module.

castarco commented 7 months ago

Hi @Bwc9876, that sounds like a good idea 😃. I have some doubts about your proposal, though.

How do you expect it to work? In my mind I have something quite simple, just having an exact equivalent of the "hashes module" but in JSON format.

So, if today we have `sri.hashesModule`, we would also have the option `sri.hashesJson` (or something similar, I'd have to think about its name).

Bwc9876 commented 7 months ago

Yeah, I was thinking the same thing; another option to specify a path to output the JSON to, like `sri.hashesJson`, would work.
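To illustrate the use case discussed in this thread, here is an added sketch (not astro-shield code, and not from either commenter) of how a Python backend could consume such a file. The JSON layout (URL path mapped to an SRI string), the file name `sri-hashes.json`, and all function names are assumptions, since the thread does not define a format.

```python
import base64, hashlib, html, json, tempfile
from pathlib import Path

def sri_hash(data: bytes, alg: str = "sha256") -> str:
    """SRI value as used in the integrity attribute: '<alg>-<base64 digest>'."""
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

def write_hashes_json(dist: Path, out: Path) -> dict:
    """Hash every .js/.css file under dist and write {url_path: sri} (assumed layout)."""
    hashes = {
        "/" + p.relative_to(dist).as_posix(): sri_hash(p.read_bytes())
        for p in sorted(dist.rglob("*"))
        if p.is_file() and p.suffix in {".js", ".css"}
    }
    out.write_text(json.dumps(hashes, indent=2, sort_keys=True))
    return hashes

def script_tag(hashes: dict, url: str) -> str:
    """Render a <script> tag; fail closed when the asset has no recorded hash."""
    if url not in hashes:
        raise KeyError(f"no SRI hash recorded for {url}")
    return (f'<script src="{html.escape(url, quote=True)}" '
            f'integrity="{html.escape(hashes[url], quote=True)}"></script>')

def verify(dist: Path, hashes: dict) -> list:
    """Return URL paths whose file is missing or no longer matches its hash."""
    bad = []
    for url, expected in hashes.items():
        path = dist / url.lstrip("/")
        if not path.is_file() or sri_hash(path.read_bytes()) != expected:
            bad.append(url)
    return bad

def demo() -> dict:
    """Constructed sample build: one script, hashed, rendered, then modified."""
    with tempfile.TemporaryDirectory() as tmp:
        dist = Path(tmp) / "dist"
        (dist / "_astro").mkdir(parents=True)
        asset = dist / "_astro" / "app.js"
        asset.write_bytes(b"console.log('hi');\n")
        out = Path(tmp) / "sri-hashes.json"  # hypothetical output path
        write_hashes_json(dist, out)
        loaded = json.loads(out.read_text())  # what the backend would load
        tag = script_tag(loaded, "/_astro/app.js")
        clean = verify(dist, loaded)
        asset.write_bytes(b"changed after build\n")
        return {"hashes": loaded, "tag": tag, "clean": clean, "drift": verify(dist, loaded)}

if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

Running `verify` at deploy time catches assets that changed after the hashes were generated, before browsers start rejecting them.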