Subresource Integrity (SRI)

According to Mozilla, Subresource Integrity (SRI) is a security feature that enables browsers to verify that files they fetch are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched file must match. In simple terms, it is a mechanism to check the integrity of CDN-hosted files.

There is a wide range of resources on the Internet to help you apply SRI.

  • To scan your website for Subresource Integrity: Visit https://sritest.io/ and scan it.

  • To hash your CDN dependencies: Visit https://www.srihash.org/ and hash them all.

  • To hash your CDN dependencies on your own, run these commands:

# Download the library file, for instance jquery.min.js
wget https://cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js
# Compute the binary SHA-256 digest of the file and Base64-encode it
cat jquery.min.js | openssl dgst -sha256 -binary | openssl enc -base64

The hash would be hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=
Add it to your script tag by doing:

<script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/jquery/3.2.1/jquery.min.js" integrity="sha256-hwg4gsxgFZhOsEEamdOYGBf13FyQuiTwlAQgxVSNgt4=" crossorigin="anonymous"></script> 
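The two steps above (scanning a page for SRI and hashing a dependency) can also be done locally. The following is an added example, not code from the original post: it lists third-party script and stylesheet tags that lack `integrity` or `crossorigin`, and checks a declared hash against the file body using only the strongest algorithm listed, as browsers do. The names `sri_hash`, `sri_matches` and `audit`, and the hosts `cdn.example` and `www.example`, are assumptions made for illustration.

```python
import base64
import hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse
ALGS = ("sha256", "sha384", "sha512")  # SRI hash algorithms, weakest to strongest

def sri_hash(data, alg="sha384"):
    """Build an integrity value such as 'sha384-<base64 digest>'."""
    return alg + "-" + base64.b64encode(hashlib.new(alg, data).digest()).decode()

def sri_matches(data, integrity):
    """Browser-style check: only hashes using the strongest listed algorithm count."""
    tokens = [t for t in integrity.split() if t.split("-", 1)[0] in ALGS]
    if not tokens:
        return False  # nothing usable to compare against; this audit treats it as a failure
    best = max(tokens, key=lambda t: ALGS.index(t.split("-", 1)[0])).split("-", 1)[0]
    return sri_hash(data, best) in tokens

class _Tags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.found = []  # (url, integrity value or None, crossorigin attribute present?)
    def handle_starttag(self, tag, attrs):
        a = dict(attrs)
        is_css = tag == "link" and "stylesheet" in (a.get("rel") or "").lower().split()
        url = a.get("src") if tag == "script" else a.get("href") if is_css else None
        if url:
            self.found.append((url, a.get("integrity"), "crossorigin" in a))

def audit(html, page_host, bodies):
    """Return (url, problem) for each third-party script/stylesheet with weak or broken SRI."""
    parser = _Tags()
    parser.feed(html)
    problems = []
    for url, integrity, has_cors in parser.found:
        host = urlparse(url).netloc
        if not host or host == page_host:
            continue  # same-origin resource, out of scope for this check
        if not integrity:
            problems.append((url, "missing integrity"))
        elif not has_cors:  # without CORS the browser cannot verify a cross-origin file
            problems.append((url, "missing crossorigin"))
        elif url in bodies and not sri_matches(bodies[url], integrity):
            problems.append((url, "hash mismatch"))
    return problems

if __name__ == "__main__":
    lib = b"console.log('lib');"  # constructed file body standing in for a CDN download
    page = ('<script src="https://cdn.example/a.js" integrity="%s" crossorigin="anonymous"></script>'
            '<script src="//cdn.example/b.js"></script>' % sri_hash(lib))
    print(audit(page, "www.example", {"https://cdn.example/a.js": lib}))
```

`bodies` maps each URL to bytes you have already downloaded, so the check runs offline; URLs without an entry are only checked for the presence of the attributes.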

SRI is growing in popularity. Apply it soon! It is relatively easy.