Sub Resource Integrity

jason1 · August 3, 2020, 12:00pm

Hi,

Our Nessus scanning is complaining about something called Sub Resource Integrity when requesting the prismic script at https://static.cdn.prismic.io/prismic.min.js

Has anyone come across this before, I'm currently wondering where to even start looking.

MDN has the following Subresource Integrity - Web security | MDN

It look like something that would need to be enabled on the Prismic end.

Any pointers much appreciated

Thanks

jason

marcellothearcane · August 3, 2020, 12:12pm

You need to add an integrity attribute to the script where you import prismic.min.js.

Something like this:

<script src="https://cdn.example.com/app.js"
        integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB"
        crossorigin="anonymous"></script>

jason1 · August 3, 2020, 12:20pm

Hi @marcellothearcane, thanks for that … We’re using Gatsby to generate a static site with content from Prismic, so I guess we should look at trying to inject the above into the Gatsby build process, or maybe use Helmet in the source to add it … you’ve given some food for thought, so thanks.

Pau · September 25, 2020, 8:15pm

This issue has been closed due to inactivity.

Topic		Replies	Views
Problem with the Export Prismic for Content Creators	6	587	December 9, 2021
Can't access repo: 503 error Prismic for Content Creators	3	305	May 12, 2022
Just some feedback Prismic for Content Creators	1	309	December 5, 2022
Content API down for one repo Prismic for Content Creators	10	399	December 9, 2021
How to manage website and blog content with Prismic Developing with Prismic	7	1231	December 9, 2021

Sub Resource Integrity

Related Topics