Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Welcome To Ask or Share your Answers For Others

Categories

0 votes
654 views
in Technique[技术] by (71.8m points)

requirejs - Subresource Integrity in angularJS App which uses Require JS

I have an angular application with below index.html file

Consider in my index.html page I have the following code for SRI (SubResource Integrity)

<html>
<head>
<meta http-equiv="Content-Security-Policy" 
      content="script-src 'self' scripts/alert.js 'unsafe-inline' 'unsafe-eval' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='">

<script src="scripts/alert.js"
        integrity="sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng="
        crossorigin="anonymous"></script>
</head>
</html>
See Question&Answers more detail:os

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome To Ask or Share your Answers For Others

1 Answer

0 votes
by (71.8m points)

If I understand your question correctly, you want to use Sub Resource Integrity for scripts referenced via require js. Note, that in order to do this you need RequireJS version 2.1.19 or later (see http://requirejs.org/docs/download.html).

For a working example (referencing jQuery), see this plunker: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p=preview. Hopefully you should be able to copy this method to your project.

My example uses integrity/crossorigin attributes for:

  • RequireJS itself (through the index.html file)
  • jQuery (via the config file main.js and the interesting thing for you)

This is built on the RequireJS hook onNodeCreated and code like

onNodeCreated: function(node, config, module, path) {
    node.setAttribute('integrity', integrityForModule);
    node.setAttribute('crossorigin', 'anonymous');
}

Please note that this example does NOT use SRI for the config file main.js file. In order to accomplish that, either

  • include the RequireJS config inline in the index.html page
  • ...or reference main.js (the config file) through an extra script tag (with integrity/crossover), and not via the data-main attribute

与恶龙缠斗过久,自身亦成为恶龙;凝视深渊过久,深渊将回以凝视…
Welcome to OStack Knowledge Sharing Community for programmer and developer-Open, Learning and Share
Click Here to Ask a Question

...