makestatic-sri
v1.1.3
Published
Generate subresource integrity attributes
Downloads
1
Maintainers
Readme
Sub Resource Integrity
Generate SRI attributes
For each HTML page with scripts and styles that point to absolute URLs on other origins download the corresponding file and calculate SHA checksums. Assign the checksums to the integrity
attribute for each element and create a crossorigin
attribute.
Install
yarn add makestatic-sri
API
SubResourceIntegrity
Generate subresource integrity attributes.
See Also
SubResourceIntegrity
new SubResourceIntegrity(context, options)
Create an SRI plugin.
Configure this plugin for the transform
phase, requires that the
parse-html
plugin has been enabled for the parse
phase and that the
http-cache
plugin has been configured so the context has been assigned
an HTTP agent.
Finds stylesheets and scripts pointing to absolute URLs on other origins
and fetches the referenced resource generating checksum(s) for each
downloaded file and assigns the result to the integrity
attribute.
The crossorigin
attribute is set to the value of the crossorigin
option.
If an element has already declared the crossorigin
or integrity
attributes they are not overwritten.
Supported SHA algorithms are sha256
, sha384
and sha512
.
If no algorithms
are specified the sha512
algorithm is used.
If the rules
option is given it should contain regular expression
patterns. The URL for each resource is compared agains the rule patterns
and is only included if it matches one of the rule patterns.
This allows you to apply this plugin to selected resources if required.
context
Object the processing context.options
Object plugin options.
Options
rules
RegExp|Array list of regular expression patterns.algorithms
Array list of SHA algorithms.crossorigin
String=anonymous value for the crossorigin attribute.
Throws
Error
on no HTTP agent.Error
on unsupported algorithm.Error
on invalid rule pattern.
.sources
SubResourceIntegrity.prototype.sources(file, context, options)
Iterate styles and scripts in the HTML document AST and find URLs that point to absolute resources from other origins.
For each matched resource download the file and generate the integrity
and crossorigin
attributes for the corresponding element.
file
File the current file.context
Object the processing context.options
Object plugin options.
.fetch
SubResourceIntegrity.prototype.fetch(context, info)
Downloads the referenced resource and calculates checksums for each of
the algorithms
assigned to this plugin.
If the server responds with a status code other than 200 a warning is printed.
Returns a promise that resolves to an object with checksums
field.
context
Object the processing context.info
Object object containing thehref
to download.
Throws
Error
if the HTTP request errors.
License
MIT
Created by mkdoc on March 12, 2017