问题
I have a requirement for a site, I need to set the Subresource Integrity (https://www.w3.org/TR/SRI/) for the Google sign-in functionality, can someone tell me if it's feasible or if the resource (https://apis.google.com/js/platform.js) changes and I need to use any version mechanism or workaround in order to implement the SRI.
I've tried setting the hash generated in https://www.srihash.org/ and works fine but I don't know if this is going to continue working in the future:
<script src="https://apis.google.com/js/platform.js" integrity="sha384-8BbIfH4u6uFaQg1wXFd+Bm1mY1i+Gkl485e4TAAaBp5kHTq8bueCRXIvnN82pmdZ" crossorigin="anonymous"></script>
来源:https://stackoverflow.com/questions/57666406/sri-for-google-sign-in