What is SRI?
Subresource Integrity (SRI) is a security feature enabling browsers to verify the integrity of remotely linked files (typically across a CDN) before allowing them to be loaded or executed on a website.
How does it work?
The Subresource Integrity feature lets you specify a base64-encoded cryptographic hash of the file, computed with SHA256, SHA384 or SHA512. The browser then compares the downloaded asset with the hash value you have specified. If it differs, due to code injection or code replacement, the resource is blocked.
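The check described above, written for Node.js as an added example (not code from the original page or from SRI Notify): it builds an integrity value and applies the comparison a browser makes, including the case where one attribute lists several hashes. The function names and the sample script are constructed for illustration.

```javascript
// Added example, not code from the original page.
const { createHash } = require('crypto');

// Hash algorithms SRI accepts, ordered weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Build an integrity value: "<alg>-<base64 digest of the file bytes>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Split an integrity attribute into its usable "<alg>-<digest>" entries.
// Tokens with an unknown algorithm or a malformed digest are dropped.
function parseIntegrity(attr) {
  const entries = [];
  for (const token of attr.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// true = resource may load, false = resource is blocked.
function verifyIntegrity(body, attr) {
  const entries = parseIntegrity(attr);
  // No usable entry means no check is enforced, so a typo in the
  // attribute silently disables the protection.
  if (entries.length === 0) return true;
  // Only the strongest algorithm present in the attribute is checked.
  const best = Math.max(...entries.map((e) => ALGS.indexOf(e.alg)));
  const actual = createHash(ALGS[best]).update(body).digest('base64');
  return entries.some((e) => e.alg === ALGS[best] && e.digest === actual);
}

// Constructed sample: a CDN-hosted script and a modified copy of it.
const original = 'window.lib = { version: "1.0.0" };\n';
const tampered = original + 'window.lib.extra = true;\n';
const pinned = sriHash(original);

console.log('integrity="' + pinned + '"');
console.log('original loads:', verifyIntegrity(original, pinned));
console.log('modified loads:', verifyIntegrity(tampered, pinned));
```

An attribute whose tokens are all unrecognised enforces nothing, so a monitoring job should treat that case as a failure rather than a pass.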
For more information on SRI, check out the Mozilla Developer Network (MDN) page.
Currently, only your website visitors will encounter an issue when a resource is blocked. If you are utilising CSP Headers, you can configure reactive alerts to be sent when a problem occurs. For setting up & managing CSP Headers, we recommend the good folks over at Report URI.
How can SRI Notify help?
COMING SOON: SRI Notify continually and proactively monitors all SRI links on your website comparing the hash values automatically. If any fail validation, you’ll get an email alert – allowing you to assess the change/impact and manage the situation accordingly.