Sub Resource Integrity

Hi,

Our Nessus scanning is complaining about something called Sub Resource Integrity when requesting the prismic script at https://static.cdn.prismic.io/prismic.min.js

Has anyone come across this before, I’m currently wondering where to even start looking.

MDN has the following https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

It look like something that would need to be enabled on the Prismic end.

Any pointers much appreciated

Thanks

jason

You need to add an integrity attribute to the script where you import prismic.min.js.

Something like this:

<script src="https://cdn.example.com/app.js"
        integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB"
        crossorigin="anonymous"></script>
2 Likes

Hi @marcellothearcane, thanks for that … We’re using Gatsby to generate a static site with content from Prismic, so I guess we should look at trying to inject the above into the Gatsby build process, or maybe use Helmet in the source to add it … you’ve given some food for thought, so thanks.

1 Like

Hey Jason, are you still having this issue with the Nessus scanning?

This issue has been closed due to inactivity.