makestatic-sri v1.1.3

Sub Resource Integrity

Generate SRI attributes

For each HTML page with scripts and styles that point to absolute URLs on other origins download the corresponding file and calculate SHA checksums. Assign the checksums to the integrity attribute for each element and create a crossorigin attribute.

• Install
• API
  • SubResourceIntegrity
    • See Also
    • SubResourceIntegrity
      • Options
      • Throws
    • .sources
    • .fetch
      • Throws
• License

Install

yarn add makestatic-sri

API

SubResourceIntegrity

Generate subresource integrity attributes.

See Also

• HTTP Agent
• SRI Specification

SubResourceIntegrity

new SubResourceIntegrity(context, options)

Create an SRI plugin.

Configure this plugin for the transform phase, requires that the parse-html plugin has been enabled for the parse phase and that the http-cache plugin has been configured so the context has been assigned an HTTP agent.

Finds stylesheets and scripts pointing to absolute URLs on other origins and fetches the referenced resource generating checksum(s) for each downloaded file and assigns the result to the integrity attribute.

The crossorigin attribute is set to the value of the crossorigin option.

If an element has already declared the crossorigin or integrity attributes they are not overwritten.

Supported SHA algorithms are sha256, sha384 and sha512.

If no algorithms are specified the sha512 algorithm is used.

If the rules option is given it should contain regular expression patterns. The URL for each resource is compared agains the rule patterns and is only included if it matches one of the rule patterns.

This allows you to apply this plugin to selected resources if required.

• context Object the processing context.
• options Object plugin options.

Options

• rules RegExp|Array list of regular expression patterns.
• algorithms Array list of SHA algorithms.
• crossorigin String=anonymous value for the crossorigin attribute.

Throws

• Error on no HTTP agent.
• Error on unsupported algorithm.
• Error on invalid rule pattern.

.sources

SubResourceIntegrity.prototype.sources(file, context, options)

Iterate styles and scripts in the HTML document AST and find URLs that point to absolute resources from other origins.

For each matched resource download the file and generate the integrity and crossorigin attributes for the corresponding element.

• file File the current file.
• context Object the processing context.
• options Object plugin options.

.fetch

SubResourceIntegrity.prototype.fetch(context, info)

Downloads the referenced resource and calculates checksums for each of the algorithms assigned to this plugin.

If the server responds with a status code other than 200 a warning is printed.

Returns a promise that resolves to an object with checksums field.

• context Object the processing context.
• info Object object containing the href to download.

Throws

• Error if the HTTP request errors.

License

MIT

Created by mkdoc on March 12, 2017