tbouffard
commented
3 years ago I have started applying this in #122 and #124
Closed tbouffard closed 3 years ago
tbouffard
commented
3 years ago I have started applying this in #122 and #124
We should do this for any styles or js resources not related to our project https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
See also https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes/crossorigin
We will have do document how to generate the hash integrity value.
Notice that jsdelivr provide a way to retrieve a way to quickly get the hash and the html script directive (SRI related copied values in the following screenshots)
https://www.jsdelivr.com/package/npm/@kogito-tooling/kie-editors-standalone?path=dist%2Fbpmn