#2034 - Add automatic subresource integrity symbol
-
By Chris Graham
- Added
- 1 view
| Identifier | #2034 |
|---|---|
| Issue type | Feature request or suggestion |
| Title | Add automatic subresource integrity symbol |
| Status | Closed (rejected) |
| Tags |
Type: Security (custom) |
| Handling member | Chris Graham |
| Addon | core_themeing |
| Description | http://www.w3.org/TR/SRI/
Essentially you would be able to write JS like... <script src="http://somecdn/foo.js" integrity="{$URL_SHA*,http://somecdn/foo.js}"></script> Composr would automatically lookup the SHA-256 of the URL and cache that, serving future requests with the known SHA-256. The end result is to prevent certain kinds of man-in-the-middle attack. Apply this symbol in any default use of CDN URLs (if we have any, I don't think we do). |
| Steps to reproduce | |
| Funded? | No |
The system will post a comment when this issue is modified (e.g., status changes). To be notified of this, click "Enable comment notifications".
Comments
If the user relies on this, well they can't, because what if the remote content changes due to some non-security-related reason? So really they have to understand what they are doing, in which case there's no point of this feature.