Détail du package

broccoli-sri-hash

jonathanKingston598.8kMIT2.1.2

Generates SRI hashes for html files

readme

SRI for broccoli

build status build status npm status dependency status

This plugin looks at an apps html files to rewrite their content with integrity attributes.

Options

  • origin - if crossorigin isn't specified but prepend is it will add an integrity if prepend starts with origin
  • crossorigin - adds a crossorigin attribute to script and link elements
    • This is required for CORS resources values are:
      • use-credentials
      • anonymous
  • prepend - resources with a full path will only get an applied integrity if the md5 checksum passes
  • paranoiaCheck - false by default, if enabled turns off the integrity attribute if any Unicode is found within the file
  • fingerprintCheck - true by default, if enabled validates the computed md5 checksum against the fingerprint

Example

var sriTree = sri('path/to/code', {
  prefix: 'https://example.com/',
  crossorigin: 'anonymous'
});

'paranoiaCheck'

There was an encoding issue based on certain characters which is landed in Chrome 46 when using Chrome. This check fails if there is any non ASCII characters. On failure the file won't have a integrity attribute added. Please note this will be removed as a default in the future; with the desire to remove all of the checking code too.

'fingerprintCheck'

If your assets change between the time they are fingerprinted and the time they are processed for SRI, you most likely want to disable this check. The canonical example is if an asset contains a link to a secondary asset and is rewritten to adjust the link after fingerprinting the second asset, rendering the fingerprint invalid (for anything more than a useful unique identifier).

changelog

2.1.2

  • Reenable snyk test

2.1.1

  • Updating linting and snyk dev dependency packages
    • eslint@2.5.1
    • eslint-config-nightmare-mode@2.3.0
    • mocha-eslint@2.0.2
    • snyk@1.13.1

2.1.0

  • Adding in fixes for utf8 streams
  • Adding fingerprintCheck for disabling md5 file checking

2.0.0

  • Removing paranoiaCheck as a default

1.2.2

  • Removal of snyk as came out in ember setups

1.2.1

  • Base tag fixes

1.2.0

  • Update to use broccoli-caching-writer as a base class. Fixes issues with more aggressive caching added in recent broccoli-filter versions.

1.1.1

  • @kellyselden fixes for node 0.10
    • windows cmd fix
    • adding promise polyfill for node 0.10
    • adding appveyor badge
    • mirroring ember-cli travis envs

1.1.0

  • Added in a temporary fix for Unicode encoding issue which disables the code if the library detects unicode.

1.0.4

  • Make the filter dependency in the dependency setup

1.0.3

  • Fixing extra closing slash and whitespace in output
  • Update to latest broccoli-filter

1.0.2

  • Changing packages to be semver compatible

1.0.1

  • Changed code to work with 0.2.x broccoli-filter
  • Made stateless checks be global to remove recalculation
  • Adding in more failure tests for broken HTML
  • Cleaning up regex to cope with failure cases

1.0.0

  • Added in build steps and badges

0.2.4

  • Made code only work with stylesheet link elements

0.2.3

  • Upgrade to the latest toolbox

0.2.2

  • Added origin attribute checking to simplify interface