Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73155

As a system administrator, I want the portal to automatically add SRI hash when using a CDN

Details

    • Story
    • Status: Open
    • Trivial
    • Resolution: Unresolved
    • None
    • None
    • Application Security

    Description

      Whenever the portal is loading resources from a CDN (or any other 3rd party server), there is a risk that the CDN might get compromised. To mitigate against this type of attack, the portal should automatically add Subresource Integrity (SRI) hashes to <script> and <link> elements when using a CDN.

      Reference: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

      Supported by majority of browsers since 2018: https://caniuse.com/subresource-integrity

      Attachments

        Activity

          People

            support-lep@liferay.com SE Support
            samuel.kong Samuel Kong
            Kiyoshi Lee Kiyoshi Lee
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:

              Packages

                Version Package