small-tech / vite-plugin-sri

A Vite plugin that adds subresource integrity hashes to your index.html at build time.
ISC License

Add integrity hashes in serve mode #2

Open JonasKruckenberg opened 3 years ago

JonasKruckenberg commented 3 years ago

Currently the plugin only gets invoked during build mode. This makes perfect sense, as the bundle is not present during dev mode. However, each URL in the HTML is instead a valid file path, so you could use the project's root dir and the file path to provide integrity hashes during serve mode as well. I don't know how this would work with hot-module reloading (not really well, I could imagine), but it'd bring the development behavior closer to the production behavior.

aral commented 3 years ago

@JonasKruckenberg Thanks for the suggestion, Jonas. Is this a use case you’ve encountered in your own project (i.e., has the lack of SRI in your dev environment led to confusion or an issue while developing)?

I’m not against the suggestion, I just want to ensure that any complexity we add to a simple module like this has a tangible use case/real-world benefit attached :)

JonasKruckenberg commented 3 years ago

To be honest, in my experience the issue is the other way around: development mode doesn't benefit from SRI on its own, but there have been cases for me where pages broke in production because the SRI hashes were suddenly present. This would be effectively prevented if hashes were present in development too.

aral commented 3 years ago

Then it’s a valid use case. I’m also all for keeping development and production as close as possible (he says, while also enjoying hot module replacement) :)
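
The suggestion in this thread, sketched as an added example (not code from vite-plugin-sri or from either commenter): hash each local file that index.html references, resolved against the project root, and inject the `integrity` attribute in serve mode. The function and plugin names are hypothetical, and it assumes the dev server returns those files byte-for-byte as they are on disk; a file the dev server rewrites before serving would fail the browser's integrity check.

```javascript
// Added example; not code from vite-plugin-sri. All names here are hypothetical.
const { createHash } = require('node:crypto')
const fs = require('node:fs')
const path = require('node:path')

// SRI value for a buffer: "<algorithm>-<base64 digest>".
function sriHash (bytes, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(bytes).digest('base64')}`
}

// Map a URL from index.html to a file under root; null for remote URLs.
function resolveLocal (root, url) {
  if (/^(?:[a-z][a-z0-9+.-]*:|\/\/)/i.test(url)) return null
  const clean = decodeURIComponent(url.split(/[?#]/)[0])
  // Normalising against "/" collapses any "../" so the path stays in root.
  const file = path.resolve(root, '.' + path.posix.normalize('/' + clean))
  return file.startsWith(path.resolve(root) + path.sep) ? file : null
}

// Add integrity="..." to local <script src> and stylesheet/modulepreload <link>.
function addIntegrity (html, root, readFile = fs.readFileSync) {
  return html.replace(/<(script|link)\b[^>]*>/gi, (tag, name) => {
    const isLink = name.toLowerCase() === 'link'
    if (/\sintegrity\s*=/i.test(tag)) return tag
    if (isLink && !/\srel\s*=\s*["']?(stylesheet|modulepreload)\b/i.test(tag)) return tag
    const m = tag.match(isLink ? /\shref\s*=\s*["']([^"']+)["']/i : /\ssrc\s*=\s*["']([^"']+)["']/i)
    if (!m) return tag
    try {
      const file = resolveLocal(root, m[1])
      if (!file) return tag
      const sri = sriHash(readFile(file))
      return tag.replace(/\s*\/?>$/, end => ` integrity="${sri}"${end}`)
    } catch {
      return tag // unreadable file or malformed URL: leave the tag untouched
    }
  })
}

// Vite plugin wrapper, active only in the dev server (apply: 'serve').
function sriServe () {
  let root = process.cwd()
  return {
    name: 'sri-serve-example',
    apply: 'serve',
    configResolved (config) { root = config.root },
    transformIndexHtml (html) { return addIntegrity(html, root) }
  }
}
```

Tags that already carry an `integrity` attribute, remote URLs and unreadable files are passed through unchanged, so the transform is safe to run repeatedly on the same HTML.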