[LPS-73155] As a system administrator, I want the portal to automatically add SRI hash when using a CDN - Liferay Issues

XML

Word

Printable

Details

Type: Story
Status: Open
Priority: Trivial
Resolution: Unresolved
Affects Version/s: None
Fix Version/s: None
Component/s: Application Security
Labels:
- out-of-scope

Description

Whenever the portal is loading resources from a CDN (or any other 3rd party server), there is a risk that the CDN might get compromised. To mitigate against this type of attack, the portal should automatically add Subresource Integrity (SRI) hashes to <script> and <link> elements when using a CDN.

Reference: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

Supported by majority of browsers since 2018: https://caniuse.com/subresource-integrity

Attachments

Activity

People

Assignee:: SE Support

Reporter:: Samuel Kong

Recent user:: Kiyoshi Lee

Participants of an Issue:: Samuel Kong, SE Support

Votes:: 0 Vote for this issue

Watchers:: 0 Start watching this issue

Dates

Created:: 18/Jun/17 7:18 PM

Updated:: 25/Apr/22 8:40 AM

Packages

Version	Package