frederik-braun.com
A CDN that can not XSS you: Using Subresource Integrity
Subresource Integrity (SRI) allows specifying the digest of the file that you want to include. The digest is the output of a cryptographic hash function, which helps us achieve integrity.
The online whiteboard of Kristofer Palmvik
The tricky thing with SRI is that you have to include it for every HTML tag that points to a CDN if you want the security benefit. And then, of course, it happened that someone forgot to add this and people were sad. Fortunately, they brought this to the Webappsec Working Group and discussed the matter!