8000 Add SRI to hotlinking examples · Issue #326 · pyscript/pyscript · GitHub
[go: up one dir, main page]
Skip to content

Add SRI to hotlinking examples #326

New issue
New issue
Closed
Closed
Add SRI to hotlinking examples#326
Labels
backlogissue has been triaged but has not been earmarked for any upcoming releasetype: featureNew feature or request
@mflaxman

Description

@mflaxman
mflaxman
opened on May 10, 2022

Given the security implications of pyscript, it makes sense to recommend SRI when hotlinking pyscript.js:

<script
    defer
    src="https://pyscript.net/alpha/pyscript.js"
    integrity="sha384-IwRwL1M346tP5zp9BKvjinCQC8x78+d+KCeRonZ6gO4XgSBop4cJegZ+SV++AhMR"
    crossorigin="anonymous"
></script>

Integrity check was calculated successfully as follows:

$ curl https://pyscript.net/alpha/pyscript.js | openssl dgst -sha384 -binary | openssl base64 -A
IwRwL1M346tP5zp9BKvjinCQC8x78+d+KCeRonZ6gO4XgSBop4cJegZ+SV++AhMR

Of course this will create issues when updating pyscript.js, so these links really should be version-pinned (I assume that's what /alpha/ means in this context).

Metadata

Metadata

Assignees

No one assigned

    Labels

    backlogissue has been triaged but has not been earmarked for any upcoming releasetype: featureNew feature or request

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions
      0