Subresource Integrity in angularJS App which uses Require JS

别来无恙 提交于 2019-11-27 04:46:44

问题


I have an angular application with below index.html file

Consider in my index.html page I have the following code for SRI (SubResource Integrity)

<html>
<head>
<meta http-equiv="Content-Security-Policy" 
      content="script-src 'self' scripts/alert.js 'unsafe-inline' 'unsafe-eval' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='">

<script src="scripts/alert.js"
        integrity="sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng="
        crossorigin="anonymous"></script>
</head>
</html>

In case, if I am using require JS, then I have to move the script inclusion of 'alert.js' to 'main.js' file as below

require.config({


    // alias libraries paths
    paths: {
            'jquery': '/scripts/alert'
            },
    // kick start application
    deps: ['../app/require.bootstrap']
 })

Can someone help me how to include the integrity attribute to the main.js file while referring the alert.js script in the paths.


回答1:


If I understand your question correctly, you want to use Sub Resource Integrity for scripts referenced via require js. Note, that in order to do this you need RequireJS version 2.1.19 or later (see http://requirejs.org/docs/download.html).

For a working example (referencing jQuery), see this plunker: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p=preview. Hopefully you should be able to copy this method to your project.

My example uses integrity/crossorigin attributes for:

  • RequireJS itself (through the index.html file)
  • jQuery (via the config file main.js and the interesting thing for you)

This is built on the RequireJS hook onNodeCreated and code like

onNodeCreated: function(node, config, module, path) {
    node.setAttribute('integrity', integrityForModule);
    node.setAttribute('crossorigin', 'anonymous');
}

Please note that this example does NOT use SRI for the config file main.js file. In order to accomplish that, either

  • include the RequireJS config inline in the index.html page
  • ...or reference main.js (the config file) through an extra script tag (with integrity/crossover), and not via the data-main attribute


来源:https://stackoverflow.com/questions/34348536/subresource-integrity-in-angularjs-app-which-uses-require-js

易学教程内所有资源均来自网络或用户发布的内容,如有违反法律规定的内容欢迎反馈
该文章没有解决你所遇到的问题?点击提问,说说你的问题,让更多的人一起探讨吧!