From d9a9a532178aff2def9992c39db37fcd79092fa2 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Michael=20Mur=C3=A9?=
Date: Sun, 3 Mar 2019 17:18:06 +0100
Subject: [PATCH] playground: secure CDN resources with Subresource Integrity
---
 handler/playground.go | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)
diff --git a/handler/playground.go b/handler/playground.go
index b3297f44ab3..09db11de152 100644
--- a/handler/playground.go
+++ b/handler/playground.go
@@ -11,9 +11,12 @@ var page = template.Must(template.New("graphiql").Parse(` - - - + + + {{.title}}
@@ -44,9 +47,12 @@ func Playground(title string, endpoint string) http.HandlerFunc {
 return func(w http.ResponseWriter, r *http.Request) {
 w.Header().Add("Content-Type", "text/html")
 err := page.Execute(w, map[string]string{
- "title": title,
- "endpoint": endpoint,
- "version": "1.7.8",
+ "title": title,
+ "endpoint": endpoint,
+ "version": "1.7.8",
+ "cssSRI": "sha256-cS9Vc2OBt9eUf4sykRWukeFYaInL29+myBmFDSa7F/U=",
+ "faviconSRI": "sha256-GhTyE+McTU79R4+pRO6ih+4TfsTOrpPwD8ReKFzb3PM=",
+ "jsSRI": "sha256-ucQsC5k+XYnUlQia6tMKdAOGBbfbDAquMa+oqIooB5A=",
 })
 if err != nil {
 panic(err)
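Review bot: The three digests added to the `page.Execute` map in `Playground` are only valid for the exact files published as `"version": "1.7.8"`, but nothing in the code ties them to that value. A later version bump that leaves the hashes untouched would make browsers reject the CDN script and stylesheet, so the playground would fail closed with a blank page. I would add a comment above the map such as `// SRI digests match the CDN files for version 1.7.8; regenerate all three whenever "version" changes`, or move the version and its digests into one const block. Separately, as far as I know browsers enforce `integrity` only on scripts and stylesheet/preload links, so `faviconSRI` probably adds no protection for an icon link. The template lines that consume these keys are not readable on this page, so please confirm that each guarded tag also carries `crossorigin="anonymous"`; the function body continues past the end of the hunk.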