teerth04 / opencart


Subresource Integrity (SRI) not implemented(/) #6

Open armorcodegithubqa[bot] opened 1 year ago

armorcodegithubqa[bot] commented 1 year ago

Subresource Integrity (SRI) is a security feature that enables browsers to verify that third-party resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing developers to provide a cryptographic hash that a fetched file must match.

Third-party resources (such as scripts and stylesheets) can be manipulated. An attacker who has access to, or has compromised, the hosting CDN can manipulate or replace the files. SRI allows developers to specify a base64-encoded cryptographic hash of the resource to be loaded. The integrity attribute containing the hash is then added to the <script> HTML element tag. The integrity string consists of a base64-encoded hash, followed by a prefix that depends on the hash algorithm. This prefix can either be sha256, sha384 or sha512.

The script loaded from the external URL specified in the Details section doesn't implement Subresource Integrity (SRI). It's recommended to implement Subresource Integrity (SRI) for all the scripts loaded from external hosts.

Finding Id: 38158367 (https://qa.armorcode.ai/#/findings/278/1413/38158367)

armorcodegithubqa[bot] commented 1 year ago

Finding 38158367 (https://qa.armorcode.ai/#/findings/278/1413/38158367) status changed from Open to Confirmed.
Note: by SYSTEM via ArmorCode Platform