Support » Plugin: HTTP Headers » Subresource Integrity (SRI)

Viewing 2 replies - 1 through 2 (of 2 total)
  • Plugin Author Dimitar Ivanov

    (@zinoui)

    Hi @bulls_shark

    To use Subresource Integrity (SRI) you have to do the following:

    1. Add an integrity attribute to your <script> elements, for example:

    <script src="https://example.com/example-framework.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC" crossorigin="anonymous"></script>

    2. Go to Security/Content-Security-Policy page and check the following:

    require-sri-for script

    The above settings will force the browser to send the following response header:

    Content-Security-Policy: require-sri-for script;

    3. Go to “Access Control”/Access-Control-Allow-Origin page and choose the wildcard “*” value. This step is required only if you intend to use SRI for resources with origins that differs than your origin.

    That’s all.

    Hello, thanks for your support

Viewing 2 replies - 1 through 2 (of 2 total)
  • The topic ‘Subresource Integrity (SRI)’ is closed to new replies.