I have a few <script src=""> tags in my script. For all the js files that are in the internal file system, I'm using the command like-
cat jquery.js | openssl dgst -sha384 -binary | openssl base64 -A
to generate a base64-encoded sha384 hash and include that in the script tag like-
<script src="/js/jquery.js" integrity="sha384-J3vFgsKDNFSLyAxQe5jAHGNrVWc5wlIQG+hTxg57KX5ESMgxRMK1AbVWMP7kXogS"></script>
But my script also has a few js that are external like-
<script src="https://code.jquery.com/jquery-latest.js"></script>
How can I generate the hash for the external js so that I can include the integrity attribute for those as well?
Asked Mar 6, 2019 at 17:56 by manishk
2 Answers
You can generate the SRI Hash for external js resources on this link SRI HASH
I ran a diagnosis after this, and it works perfectly
You could always download the file to disk and then run your command. Or alternatively you can swap out the first part of your command - instead of cat jquery.js, you can have curl -s <URL>
Putting it together:
curl -s https://code.jquery.com/jquery-latest.js | openssl dgst -sha384 -binary | openssl base64 -A
Keep in mind that if (when) the script is updated by the third party, the integrity check will fail. With the jQuery example, you should expect that a "jquery-latest.js" file will change when an update is released (hence breaking the integrity check and causing the script to fail to load). In other words, your web site is likely to break when an update is released.
You may want to consider linking to a specific version instead (e.g. "https://code.jquery.com/jquery-3.4.1.min.js"). This means you (or another web developer on the team) will be responsible for keeping jQuery (and the script tag's hash) up to date - especially when a security fix is released.
Also it's worth noting that if the file is hosted on the same domain (i.e. on your web server), you don't have to include the hash for PCI compliance. The hash is only required for externally hosted javascript files.
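An added example, not part of the original answers: a small audit that recomputes the hash for every script tag on a page and reports the failures discussed above (a changed third-party file, a value pasted without its algorithm prefix, an external script with no hash or no crossorigin attribute). The cdn.example URLs, the file bodies and the function names are assumptions made for illustration; the bodies stand in for what curl -s <URL> would return.

```python
import base64, hashlib
from html.parser import HTMLParser
from urllib.parse import urlparse

ALGOS = {"sha256", "sha384", "sha512"}  # hash functions SRI accepts

def sri(data: bytes, algo: str = "sha384") -> str:
    """Value of `openssl dgst -sha384 -binary | openssl base64 -A`, plus the algorithm prefix."""
    return algo + "-" + base64.b64encode(hashlib.new(algo, data).digest()).decode()

class ScriptTags(HTMLParser):
    def __init__(self):
        super().__init__()
        self.tags = []
    def handle_starttag(self, tag, attrs):
        if tag == "script" and dict(attrs).get("src"):
            self.tags.append(dict(attrs))

def audit(html: str, bodies: dict) -> dict:
    """Map each script src to a finding; bodies[src] is the bytes fetched for every hashed src."""
    parser = ScriptTags()
    parser.feed(html)
    findings = {}
    for a in parser.tags:
        src, values = a["src"], (a.get("integrity") or "").split()
        external = bool(urlparse(src).netloc)
        tokens = [v for v in values if v.split("-", 1)[0] in ALGOS]
        if not values:
            findings[src] = "missing integrity" if external else "same-origin, no integrity"
        elif not tokens:
            findings[src] = "no algorithm prefix, browser ignores the value"
        elif external and "crossorigin" not in a:
            findings[src] = "missing crossorigin, check fails on the opaque response"
        # Simplified: any listed hash may match (browsers compare only the strongest algorithm).
        elif any(t == sri(bodies[src], t.split("-", 1)[0]) for t in tokens):
            findings[src] = "ok"
        else:
            findings[src] = "hash mismatch, script would be blocked"
    return findings

# Constructed sample: hypothetical URLs and file bodies, not real jQuery releases.
OLD, NEW = b"/* lib v1 */", b"/* lib v2 */"
PAGE = f'''<script src="https://cdn.example/lib-1.0.js" integrity="{sri(OLD)}" crossorigin="anonymous"></script>
<script src="https://cdn.example/lib-latest.js" integrity="{sri(OLD)}" crossorigin="anonymous"></script>
<script src="/js/local.js" integrity="{sri(OLD)[7:]}"></script>
<script src="https://cdn.example/other.js"></script>'''
BODIES = {"https://cdn.example/lib-1.0.js": OLD, "https://cdn.example/lib-latest.js": NEW, "/js/local.js": OLD}

if __name__ == "__main__":
    print(*audit(PAGE, BODIES).items(), sep="\n")
```

Run in a build or deploy step against freshly fetched bodies, a "hash mismatch" finding surfaces an upstream change before visitors' browsers block the script.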