You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Given the nature of the project we should provide to users all the tools to verify that the content being served to the browser is the one present on this repository, allowing users to detect when instances modify the assets that are being served.
Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.
While our purpose is a bit different, if hashes are present for each resource and we provide a list of those hashes for each new release, users would be able to verify the "frontend" code and assets being served has not been modified.
Lets use this issue to discuss if this proposal is worth the effort or not.
The text was updated successfully, but these errors were encountered:
Given the nature of the project we should provide to users all the tools to verify that the content being served to the browser is the one present on this repository, allowing users to detect when instances modify the assets that are being served.
One feature that might be helpful for this purpose is Subresource Integrity.
While our purpose is a bit different, if hashes are present for each resource and we provide a list of those hashes for each new release, users would be able to verify the "frontend" code and assets being served has not been modified.
Lets use this issue to discuss if this proposal is worth the effort or not.
The text was updated successfully, but these errors were encountered: