From 0f79d48ce628e8ccf9438ee79f99c05a7cc57666 Mon Sep 17 00:00:00 2001
From: XVincentX
Date: Tue, 6 Dec 2016 12:38:11 +0100
Subject: [PATCH 1/2] Add Subresource Integrity support
---
 packages/react-scripts/config/webpack.config.prod.js | 5 +++++
 packages/react-scripts/package.json | 1 +
 2 files changed, 6 insertions(+)
diff --git a/packages/react-scripts/config/webpack.config.prod.js b/packages/react-scripts/config/webpack.config.prod.js
index bae24d1a46d..df970584a9e 100644
--- a/packages/react-scripts/config/webpack.config.prod.js
+++ b/packages/react-scripts/config/webpack.config.prod.js
@@ -15,6 +15,7 @@ var HtmlWebpackPlugin = require('html-webpack-plugin');
 var ExtractTextPlugin = require('extract-text-webpack-plugin');
 var ManifestPlugin = require('webpack-manifest-plugin');
 var InterpolateHtmlPlugin = require('react-dev-utils/InterpolateHtmlPlugin');
+var SubresourceIntegrityPlugin = require('webpack-subresource-integrity');
 var url = require('url');
 var paths = require('./paths');
 var getClientEnvironment = require('./env');
@@ -259,6 +260,10 @@ module.exports = {
 // having to parse `index.html`.
 new ManifestPlugin({
 fileName: 'asset-manifest.json'
+ }),
+ // Generate and inject subresources hashes in the final `index.html`.
+ new SubresourceIntegrityPlugin({
+ hashFuncNames: ['sha256', 'sha384']
 })
 ],
 // Some libraries import Node modules but don't use them in the browser.
diff --git a/packages/react-scripts/package.json b/packages/react-scripts/package.json
index a379cab4253..93236f55435 100644
--- a/packages/react-scripts/package.json
+++ b/packages/react-scripts/package.json
@@ -64,6 +64,7 @@
 "webpack": "1.13.2",
 "webpack-dev-server": "1.16.2",
 "webpack-manifest-plugin": "1.1.0",
+ "webpack-subresource-integrity": "^0.7.0",
 "whatwg-fetch": "1.0.0"
 },
 "devDependencies": {
From e9f89de0f33b46f41f6c6909c75765c2c4414693 Mon Sep 17 00:00:00 2001
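Review bot: The comment above `new SubresourceIntegrityPlugin({...})` in the second webpack.config.prod.js hunk does not record the deployment constraint that comes with `integrity` attributes: a browser refuses to run a script or stylesheet whose bytes differ from the injected hash, so any host or CDN step that rewrites built files after the build (re-minification, injected snippets) will stop the app from loading. I would extend it to something like `// Generate and inject subresource hashes into the final index.html. Built files must be served byte-for-byte unchanged, or browsers will block them.` The hunk also shows no `output.crossOriginLoading` setting; if assets can be served from a different origin than `index.html`, integrity checks need a CORS-enabled fetch (a `crossorigin` attribute on the tag and matching response headers), so it is worth confirming how this plugin version handles that. `module.exports` starts and ends outside the hunk, so the `output` section is not visible here.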
From: Dan Abramov
Date: Tue, 6 Dec 2016 12:19:35 +0000
Subject: [PATCH 2/2] Pin dependency
---
 packages/react-scripts/package.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/packages/react-scripts/package.json b/packages/react-scripts/package.json
index 93236f55435..9a13efce14d 100644
--- a/packages/react-scripts/package.json
+++ b/packages/react-scripts/package.json
@@ -64,7 +64,7 @@
 "webpack": "1.13.2",
 "webpack-dev-server": "1.16.2",
 "webpack-manifest-plugin": "1.1.0",
- "webpack-subresource-integrity": "^0.7.0",
+ "webpack-subresource-integrity": "0.7.0",
 "whatwg-fetch": "1.0.0"
 },
 "devDependencies": {