Close menu

Subresource Integrity


Source: http://en.wikipedia.org/wiki/Subresource_Integrity
Updated: 2017-05-17T18:12Z

Subresource Integrity or SRI is a W3C recommendation to provide a method to protect website delivery. Specifically, it validates assets served by a third party, such as a content delivery network (CDN). This ensures these assets have not been compromised for hostile purposes.

To use SRI, a website author wishing to include a resource from a third party can specify a cryptographic hash of the resource in addition to the location of the resource. Browsers fetching the resource can then compare the hash provided by the website author with the hash computed from the resource. If the hashes don't match, the resource is discarded.[1]

As of April 2016, SRI is supported by Firefox, Chrome, and Opera.[2]

As of May 2017, SRI is supported by Safari Technology Preview.[3]

Sample link element with integrity attribute used by SRI:

<link rel="stylesheet" href="https://cdn.example.com/style.css"     integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB">

References

  1. ^ "Subresource Integrity". Mozilla Developer Network. Retrieved 14 April 2016. 
  2. ^ "Subresource Integrity". Can I use... Support tables for HTML5, CSS3, etc. Retrieved 14 April 2016. 
  3. ^ Inc., Apple. "Release Notes - Safari Technology Preview - Apple Developer". developer.apple.com. Retrieved 2017-05-17. 

External links

Text is available under the Creative Commons Attribution-ShareAlike License; additional terms may apply. By using this site, you agree to the Terms of Use and Privacy Policy. Wikipedia is a registered trademark of the Wikimedia Foundation, Inc., a non-profit organization.

Also On Wow

    Advertisement

    Trending Now