Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

playground: secure CDN resources with Subresource Integrity #568

Merged
merged 1 commit into from
Mar 4, 2019

Conversation

MichaelMure
Copy link
Contributor

The current HTTP handler for the playground leave a way to load tampered resources, either with a faulty CDN or through a man-in-the-middle.

This PR add Subresource Integrity for those external resources. If such tampering happen, the browser will simply refuse to load them.

Btw, jsdelivr conveniently provide the SRI hash, so updating the playground will still be easy.

image

@vektah vektah merged commit cb38b4b into 99designs:master Mar 4, 2019
cgxxv pushed a commit to cgxxv/gqlgen that referenced this pull request Mar 25, 2022
playground: secure CDN resources with Subresource Integrity
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants