Implement Subresource Integrity #77

Serkan-devel · 2018-02-25T09:53:46Z

In response to #27:

Because this site unfortunately uses many 3rd-party resources, it might be good to minimize the likelihood of it contaminating the page.

For that I've added two things in between angle brackets:

crossorigin="anonymous"
This prevents external sites from loading cookies onto the browser. Only the IP gets logged by them.
integrity="sha256-[base64]"
If the CDN gets tampered and files get switched with malware, then the hash might differ and the resource file won't be loaded, the site might break but the user is safe.

It doesn't cover the main.css-file because it's hosted on the local server and I can only find an uncompiled scss version of it.

Serkan-devel · 2018-02-25T10:26:02Z

Oh and to get the hash value, I ran

cat material.min.js|openssl dgst -sha256 -binary|openssl base64

Implement SRI

2fad06e

This was referenced Feb 25, 2018

Implement SRI Minds/engine#17

Open

Implement SRI Minds/front#41

Open

Serkan-devel mentioned this pull request Apr 26, 2018

(feat): ability to hide posts. #94

Closed

Serkan-devel mentioned this pull request May 17, 2018

Security issue microlinkhq/metascraper#74

Closed

Serkan-devel mentioned this pull request Jun 12, 2018

Sockets invalid listen arguement Minds/sockets#1

Open

Merge remote-tracking branch 'upstream/master'

b6c1a4e

markharding force-pushed the master branch 4 times, most recently from b3d79c1 to 26b051e Compare April 17, 2020 08:54