Add integrity hashes #50

Closed
Samy-Belarbi opened this issue Jun 16, 2023 · 6 comments
Comments

@Samy-Belarbi

Hi, thanks for your work!
I am wondering if there is any plan (or way) to implement integrity hashes into script / links?

Could make it work with this repo maybe: https://github.com/ElMassimo/vite-plugin-manifest-sri

Thanks.

@lhapaipai
Owner

lhapaipai commented Jun 26, 2023

Hi @Samy-Belarbi, I was thinking of looking into this feature this week, but I see that you forked the repo. Maybe you wanted to take care of it?

@Samy-Belarbi
Author

Hey @lhapaipai, I will give it a try at the end of the week, but I'm not sure I can manage this with my current skills.

So please do not change your plan of looking into it.

@lhapaipai
Owner

Hi @Samy-Belarbi, I've implemented the feature in both branches feature/sri.
Can you please give me your opinion?
On the other hand, for my own knowledge: I thought this attribute was important with a CDN. Is it also important for resources that come from the same domain as the one that returns the source HTML file? Can you explain it to me?

@Samy-Belarbi
Author

Hey!

You are right, it's mostly used when you get your assets from a CDN. The browser doesn't load files if they do not match their integrity hashes, so you are sure you are loading the correct files.

As far as I know, I don't think that's very useful if your files come from your own production website, because if someone malicious can manipulate your files there, it would be too late, I guess? Anyway, it can be one more security measure, but an overkill one.

Amazing work, I can't wait to try it. Merci!
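
To illustrate the check described in the comment above, here is an added Node.js example (not code from this bundle or from vite-plugin-manifest-sri) showing how an integrity value is produced at build time and how a browser decides whether a fetched file matches it. The function names and the sample asset bytes are constructed for this example, and the parser ignores anything after `?` in a token.

```javascript
const { createHash } = require('node:crypto');

// Hash algorithms defined for SRI, ordered weakest to strongest.
const ALGOS = ['sha256', 'sha384', 'sha512'];

const digest = (algo, bytes) => createHash(algo).update(bytes).digest('base64');

// Build-time side: the value placed in integrity="..." for one built file.
function sriFor(bytes, algo = 'sha384') {
  if (!ALGOS.includes(algo)) throw new Error(`unsupported algorithm: ${algo}`);
  return `${algo}-${digest(algo, bytes)}`;
}

// Parse whitespace-separated "algo-base64[?options]" tokens; drop bad ones.
function parseIntegrity(attr) {
  const out = [];
  for (const token of attr.trim().split(/\s+/)) {
    const expr = token.split('?')[0];
    const dash = expr.indexOf('-');
    if (dash < 1) continue;
    const algo = expr.slice(0, dash);
    if (ALGOS.includes(algo)) out.push({ algo, value: expr.slice(dash + 1) });
  }
  return out;
}

// Browser side: only the strongest algorithm present is considered, and the
// file is accepted if any hash listed for that algorithm matches.
function matchesIntegrity(bytes, attr) {
  const hashes = parseIntegrity(attr);
  if (hashes.length === 0) return true; // nothing usable to enforce
  const rank = (h) => ALGOS.indexOf(h.algo);
  const strongest = Math.max(...hashes.map(rank));
  const actual = digest(ALGOS[strongest], bytes);
  return hashes.some((h) => rank(h) === strongest && h.value === actual);
}

// Constructed sample: a built asset and a modified copy served in its place.
const asset = Buffer.from('console.log("app");\n');
const tampered = Buffer.from('console.log("app");doSomethingElse();\n');

function demo() {
  const attr = sriFor(asset);
  // A weaker hash of the modified copy does not help: sha512 takes priority.
  const mixed = `${sriFor(tampered, 'sha256')} ${sriFor(asset, 'sha512')}`;
  return [matchesIntegrity(asset, attr), matchesIntegrity(tampered, attr),
    matchesIntegrity(asset, mixed), matchesIntegrity(tampered, mixed)];
}
console.log(demo()); // [ true, false, true, false ]
```

An attribute with no recognised hash enforces nothing, so a build step should fail when it cannot emit a value rather than write an empty `integrity`.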

@lhapaipai
Owner

lhapaipai commented Jun 29, 2023

Thanks @Samy-Belarbi,
I will therefore check that the configuration of Vite and the bundle are compatible with a CDN, and I will then publish the update!
I will take inspiration from Webpack Encore: https://symfony.com/doc/current/frontend/encore/cdn.html

@lhapaipai
Owner

fixed with #52

2 participants