subresource integrity (SRI)

I am loading my jquery through a CDN to increase speed, but now I want to add an additional layer of protection by adding the subresource integrity (SRI) integrity flag with a hash (like suggested here: )

How do I add this to my asset loading ?

                'yii\web\JqueryAsset' => [ 

                    'sourcePath' => null,   // do not publish the bundle

                    'js' => [ '',] 


'yii\web\JqueryAsset' => [ 

    'sourcePath' => null, // do not publish the bundle

    'js' => [



            'integrity' => 'your-hash',

            'crossorigin' => 'anonymous',




… but I feel stupid… how could I not find that in the manuals ?

Is it there ?

It is in API docs. SRI isn’t covered explicitly but it is mentioned that you can use such format to set HTML attributes for a link and SRI is exactly that — HTML attributes.

Thanks… next time I need to look longer and deeper for my answers…