Open jorgecarleitao opened 5 years ago
Hi,
is there any workaround for this?
I'm surprised this is still open. The various applications where I use Plotly all get flagged by the popular security scanners for not having an "integrity" attribute.
@shivam017arora, the workaround is to grab a copy of `plotly-latest.min.js`, verify its contents, and serve it yourself along with your application.
An integrity check is important to reduce the attack surface, especially for plotly, where critical data can flow through a JS client.
This issue proposes adding an "integrity" attribute to the links specified here: https://plot.ly/javascript/getting-started/#plotlyjs-cdn
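Both the self-hosting workaround and the proposed `integrity` attribute rest on hashing a reviewed copy of the file. As an added example (not from this thread or the Plotly project), the Python below computes the attribute value, checks a copy against it, and lists cross-origin `<script>` tags that lack one, which is what the scanners flag. The host `cdn.example` and the sample bytes are constructed placeholders.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

SRI_ALGS = ("sha256", "sha384", "sha512")  # hash algorithms defined for SRI

def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Return an integrity value of the form '<alg>-<base64 digest>'."""
    if alg not in SRI_ALGS:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

def sri_matches(data: bytes, integrity: str) -> bool:
    """True if data matches one of the hashes in an integrity attribute.
    Simplification: browsers compare only against the strongest algorithm listed."""
    for token in integrity.split():
        alg = token.split("-", 1)[0]
        if alg in SRI_ALGS and sri_hash(data, alg) == token:
            return True
    return False

def script_tag(src: str, data: bytes) -> str:
    """Build a <script> tag pinned to the exact bytes that were reviewed."""
    return (f'<script src="{src}" integrity="{sri_hash(data)}" '
            f'crossorigin="anonymous"></script>')

class _ScriptAudit(HTMLParser):
    def __init__(self):
        super().__init__()
        self.unpinned = []

    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        src = a.get("src") or ""
        # A src with a host part is loaded from another origin and needs SRI.
        if tag == "script" and urlparse(src).netloc and not a.get("integrity"):
            self.unpinned.append(src)

def unpinned_scripts(html: str) -> list:
    """Return the src of every cross-origin script that has no integrity attribute."""
    audit = _ScriptAudit()
    audit.feed(html)
    return audit.unpinned

# Constructed stand-ins: placeholder CDN URL and fake library bytes.
SAMPLE_URL = "https://cdn.example/plotly-latest.min.js"
SAMPLE_JS = b"/* constructed stand-in for the reviewed library file */"
```

An integrity value only keeps working while the URL serves byte-identical content, so compute it for a URL pinned to a specific release.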