Uploaded image for project: 'PUBLIC - Liferay Portal Community Edition'
  1. PUBLIC - Liferay Portal Community Edition
  2. LPS-73155

As a system administrator, I want the portal to automatically add SRI hash when using a CDN

    Details

    • Type: Story
    • Status: Open
    • Priority: Minor
    • Resolution: Unresolved
    • Affects Version/s: None
    • Fix Version/s: None
    • Component/s: Application Security
    • Labels:
      None

      Description

      Whenever the portal is loading resources from a CDN (or any other 3rd party server), there is a risk that the CDN might get compromised. To mitigate against this type of attack, the portal should automatically add Subresource Integrity (SRI) hashes to <script> and <link> elements when using a CDN.

      Reference: https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity

        Attachments

          Activity

            People

            • Assignee:
              support-lep@liferay.com SE Support
              Reporter:
              samuel.kong Samuel Kong
              Recent user:
              Samuel Kong
              Participants of an Issue:
            • Votes:
              0 Vote for this issue
              Watchers:
              0 Start watching this issue

              Dates

              • Created:
                Updated:

                Packages

                Version Package