引用cdn静态资源时添加哈希值验证防篡改

2022-07-11 17:00

例子：

<script src="https://example.com/example-framework.js"
        integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"
        crossorigin="anonymous"></script>

生成 SRI 哈希的工具

shasum -b -a 384 example-framework.js | xxd -r -p | base64

reference

Subresource Integrity - Web 安全 | MDN

Updated: 2023-02-11 16:37
Created: 2022-07-11 17:00