SRI
SRI是一种新的W3C规范,它允许Web开发人员,以确保托管在第三方服务器上的资源是没有被篡改的。
SRI的使用,建议作为最佳实践,每当库从第三方源加载。
Subresource Integrity checking
子资源的完整性检查
What is Subresource Integrity?
SRI is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.
Learn more about how to use subresource integrity on MDN.
How is Subresource Integrity different to HTTPS?
TLS ensures that the connection between the browser and the server is secure. The resource itself may still be modified server-side by an attacker to include malicious content, yet still be served with a valid TLS certificate. SRI, on the other hand, guarantees that a resource hasn't changed since it was hashed by a web author.
How can I generate Integrity hashes?
Use the generator above or the following shell command:
openssl dgst -sha384 -binary FILENAME.js | openssl base64 -A
Test your browser
Both Chrome and Firefox support SRI.
Check out SRI on caniuse.com to see specific browser version support information.
To fully test your browser for subresource integrity support, please open this page.
Your browser supports SRI
The code behind this service is hosted on GitHub and is licensed under the Mozilla Public License 2.0.
1
1
http://enable-cors.org/index.html
enable cross-origin resource sharing
Cross-Origin Resource Sharing (CORS) is a specification that enables truly open access across domain-boundaries. If you serve public content, please consider using CORS to open it up for universal JavaScript/browser access.
Cross-origin resource sharing
1
1
demo:
<!DOCTYPE HTML> <html> <head> <meta http-equiv="Content-Type" content="text/html; charset=utf-8"> <meta charset="UTF-8"> <!-- SEO : Search Engine Optimization --> <meta name="keywords" content="HTML5,Website,xgqfrms,2016,shanghai,github,front-end,front end,learning programming,..."> <meta name="description" content="HTML5 :This is a web front-end learning webiste for anybody who love web programming!"> <meta name="author" content="xgqfrms 2016"> <meta name="generator" content="Sublime Text3 && WAMP || LAMP"> <!-- 自动刷新 $ 重定向 --> <meta http-equiv="refresh" content="3; url=http://www.xgqfrms.xyz/index.html"> <!-- Browser Compatiable --> <meta http-equiv="X-UA-Compatible" content="chrome=1"/> <meta http-equiv="X-UA-Compatible" content="IE=Edge"/> <link href="images/icon.png" rel="shortcut icon" type="image/x-icon"> <!-- CSS3 Media Query --> <meta name="viewport" content="width=device-width,initial-scale=1,user-scalable=no"/> <script src="https://code.jquery.com/jquery-3.1.0.min.js"></script> <title>xgqfrms : blogs -- JQuery 3.x && SRI && CORS</title> </head> <body> <h1>xgqfrms : blogs</h1> <a href="http://www.cnblogs.com/xgqfrms/p/5708396.html">Subresource Integrity<br/>SRI<br/>Cross-Origin Resource Sharing (CORS)<br/>子资源的完整性检查<br/>Subresource Integrity checking<br/></a> <pre>https://code.jquery.com/</pre> </body> </html>
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1
1