Closed omgitstom closed 6 years ago
From my understanding, this should be pretty easy to accomplish. The SRI hash can be generated with:
cat stormpath.min.js | openssl dgst -sha384 -binary | openssl enc -base64 -A
Here's what we need to do:
stormpath.min.js
for the newly-tagged version
I think SHA-384 would make sense for the hash length, because it's as secure as SHA-512 and requires less computational work for the browser.
Since we are hosting this on Stormpath CDN, we should disclose subresource integrity for individual versions of the widget.
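The openssl pipeline quoted in this thread, wrapped into shell functions that produce the `integrity` value for a release and check a published file against a pinned value. This is an added example, not code from the issue or from the Stormpath project; the function names, the sample file contents and the CDN URL are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: compute and check Subresource Integrity (SRI) values with openssl.

# sri_hash FILE [ALG] prints "<alg>-<base64 digest>"; ALG defaults to sha384.
sri_hash() {
    file=$1
    alg=${2:-sha384}
    case $alg in
        sha256|sha384|sha512) ;;   # the hash functions SRI defines
        *) echo "unsupported SRI algorithm: $alg" >&2; return 2 ;;
    esac
    [ -r "$file" ] || { echo "cannot read: $file" >&2; return 2; }
    digest=$(openssl dgst "-$alg" -binary < "$file" | openssl enc -base64 -A)
    [ -n "$digest" ] || return 2
    printf '%s-%s\n' "$alg" "$digest"
}

# sri_verify FILE INTEGRITY returns 0 only if FILE hashes to INTEGRITY
# (a single "<alg>-<base64>" value, as found in an integrity attribute).
sri_verify() {
    expected=$2
    actual=$(sri_hash "$1" "${expected%%-*}") || return 2
    [ "$actual" = "$expected" ]
}

# sri_script_tag FILE URL prints a <script> element pinned to FILE's hash.
# Cross-origin (CDN) loads need crossorigin plus CORS headers for the check to pass.
sri_script_tag() {
    integrity=$(sri_hash "$1") || return 2
    printf '<script src="%s" integrity="%s" crossorigin="anonymous"></script>\n' "$2" "$integrity"
}

# Demo on a constructed stand-in for a tagged build (not the real widget).
sri_demo() {
    build=$(mktemp) || return 1
    printf 'console.log("constructed widget build");\n' > "$build"
    pinned=$(sri_hash "$build") || { rm -f "$build"; return 1; }
    sri_script_tag "$build" "https://cdn.example.com/widget/x.y.z/stormpath.min.js"  # placeholder URL
    sri_verify "$build" "$pinned" && echo "published file matches pinned hash"
    printf '/* modified after release */\n' >> "$build"
    sri_verify "$build" "$pinned" || echo "modified file rejected: hash mismatch"
    rm -f "$build"
}
sri_demo
```

Running `sri_verify` against the file actually served by the CDN after each release catches a published hash that no longer matches the hosted bytes.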