Details
Story
Status: Open
Trivial
Resolution: Unresolved
Description
Whenever the portal loads resources from a CDN (or any other third-party server), there is a risk that the CDN might be compromised. To mitigate this type of attack, the portal should automatically add Subresource Integrity (SRI) hashes to <script> and <link> elements when using a CDN.
Reference: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
Supported by the majority of browsers since 2018: https://caniuse.com/subresource-integrity
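A sketch of the requested behaviour, as an added example rather than the portal's own code: it computes the SRI value for a vetted copy of each CDN file and writes integrity and crossorigin attributes onto the matching <script> and <link> tags. The host allow-list, function names and sample page are assumptions made for illustration.

```javascript
const crypto = require('node:crypto');

// Assumption: hypothetical allow-list of third-party hosts the portal loads from.
const CDN_HOSTS = new Set(['cdn.example.com']);

// SRI value is "<algorithm>-<base64 digest>" over the exact bytes served.
function sriHash(body, algorithm = 'sha384') {
  return `${algorithm}-${crypto.createHash(algorithm).update(body).digest('base64')}`;
}

// What the browser checks: recompute the digest over what the CDN returned.
function matchesIntegrity(body, integrity) {
  return sriHash(body, integrity.split('-', 1)[0]) === integrity;
}

// Add integrity (and crossorigin, needed for cross-origin SRI checks) to
// <script src> and <link href> tags that point at a CDN host.
// `vetted` maps URL -> bytes of the copy the portal reviewed.
function addIntegrity(html, vetted) {
  return html.replace(/<(script|link)\b([^>]*)>/gi, (tag, name, rawAttrs) => {
    if (/\sintegrity\s*=/i.test(rawAttrs)) return tag;          // already pinned
    const attr = name.toLowerCase() === 'script' ? 'src' : 'href';
    const m = new RegExp(`\\s${attr}\\s*=\\s*"([^"]+)"`, 'i').exec(rawAttrs);
    if (!m) return tag;                                          // inline script, no URL
    let host;
    try { host = new URL(m[1], 'https://portal.invalid').hostname; } catch { return tag; }
    if (!CDN_HOSTS.has(host)) return tag;                        // same-origin or unlisted
    const body = vetted.get(m[1]);
    if (body === undefined) throw new Error(`no vetted copy of ${m[1]}`); // fail closed
    const selfClosing = /\/\s*$/.test(rawAttrs);
    const attrs = rawAttrs.replace(/\s*\/\s*$/, '');
    const cors = /\scrossorigin\b/i.test(attrs) ? '' : ' crossorigin="anonymous"';
    return `<${name}${attrs} integrity="${sriHash(body)}"${cors}${selfClosing ? ' /' : ''}>`;
  });
}

// Constructed sample page and file contents.
const sampleVetted = new Map([
  ['https://cdn.example.com/lib.js', Buffer.from('console.log("lib v1");')],
  ['https://cdn.example.com/site.css', Buffer.from('body{margin:0}')],
]);
const samplePage = '<link rel="stylesheet" href="https://cdn.example.com/site.css" />' +
  '<script src="https://cdn.example.com/lib.js"></script><script src="/local.js"></script>';
console.log(addIntegrity(samplePage, sampleVetted));
```

The hash has to be taken from a copy that was reviewed, not fetched from the CDN at request time, otherwise a compromised file would simply be pinned as-is.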