robov
(Robov99)
October 5, 2017, 8:18am
1
I am loading my jquery through a CDN to increase speed, but now I want to add an additional layer of protection by adding the subresource integrity (SRI) integrity flag with a hash (like suggested here: https://www.troyhunt.com/protecting-your-embedded-content-with-subresource-integrity-sri/ )
How do I add this to my asset loading ?
'yii\web\JqueryAsset' => [
'sourcePath' => null, // do not publish the bundle
'js' => [ 'https://code.jquery.com/jquery-2.2.4.min.js',]
],
samdark
(Alexander Makarov)
October 5, 2017, 10:02am
2
'yii\web\JqueryAsset' => [
'sourcePath' => null, // do not publish the bundle
'js' => [
[
'https://code.jquery.com/jquery-2.2.4.min.js',
'integrity' => 'your-hash',
'crossorigin' => 'anonymous',
],
],
robov
(Robov99)
October 5, 2017, 10:49am
3
Awesome…
… but I feel stupid… how could I not find that in the manuals ?
Is it there ?
samdark
(Alexander Makarov)
October 5, 2017, 10:34pm
4
It is in API docs. SRI isn’t covered explicitly but it is mentioned that you can use such format to set HTML attributes for a link and SRI is exactly that — HTML attributes.
robov
(Robov99)
October 6, 2017, 6:26am
5
Thanks… next time I need to look longer and deeper for my answers…