Logo Questions Linux Laravel Mysql Ubuntu Git Menu
 

How do I get an SRI (subresource integrity) hash for aspnetcdn.com?

I am trying to upgrade the jQuery and Bootstrap version on a ASP.NET Core project.

Initially, Visual Studio created this by default in the _layout.cshtml file:

<script src="https://ajax.aspnetcdn.com/ajax/bootstrap/3.3.7/bootstrap.min.js"
        asp-fallback-src="~/lib/bootstrap/dist/js/bootstrap.min.js"
        asp-fallback-test="window.jQuery && window.jQuery.fn && window.jQuery.fn.modal"
        crossorigin="anonymous"
        integrity="sha384-Tc5IQib027qvyjSMfHjOMaLkfuWVxZxUPnCJA7l2mCWNIpG9mGCD8wGNIcPD7Txa">

Where can I get the integrity attribute's values for new versions?

like image 469
user2328625 Avatar asked Feb 12 '18 23:02

user2328625


People also ask

What is subresource integrity Sri?

Subresource Integrity. Jump to: Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

What does Sri mean in a website?

Subresource Integrity Subresource Integrity (SRI) is a security feature that enables browsers to verify that resources they fetch (for example, from a CDN) are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.

How do I generate a Sri hash?

In a Windows environment, you can create a tool for generating SRI hashes with the following code: Save that code in a file named sri-hash.bat in the Windows SendTo folder in your environment (for example, C:\Users\USER\AppData\Roaming\Microsoft\Windows\SendTo ). Right-click a file in the File Explorer, select Send to..., and then select sri-hash.

How do I get the integrity attribute from a SHA256 hash?

From there the cat command outputs the file which is piped into OpenSSL that is going to run it through the SHA256 hash and give us the digest in binary form. That is then piped into OpenSSL again to base64 encode the output. The resulting string is the value that is needed for the integrity attribute.


1 Answers

I've been using https://www.srihash.org/, but you can google "SRI Hash Generator" if that site is ever down.

like image 123
Steve Owen Avatar answered Sep 19 '22 10:09

Steve Owen