-
-
Notifications
You must be signed in to change notification settings - Fork 140
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Implement SRI, says Moz Observatory #973
Comments
It looks like we have some SRI in place already but need to add it one other: Lines 158 to 165 in d60d598
|
I was about to drop the SRI attributes, but then noticed that jsdelivr had some warnings: * Skipped minification because the original files appear to be already minified. * Original file: /npm/@docsearch/[email protected]/dist/umd/index.js * Do NOT use SRI with dynamically generated files! More information: https://www.jsdelivr.com/using-sri-with-dynamic-files So, to heed these warnings, I decided it was best to pin to a particular version of docsearch and use the pre-minified index.js to avoid dynamic modification. Work toward Homebrew#973
There's an issue open upstream about this: algolia/docsearch#1561 |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Keep open. I have a plan that might involve moving that in-page js to a file. |
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. |
Still on my todo list. |
Don't think we need to keep this issue open given the PR. |
Quoth Mozilla Observatory, which gives brew.sh a D rating as of d60d598:
https://infosec.mozilla.org/guidelines/web_security#subresource-integrity has instructions.
The text was updated successfully, but these errors were encountered: