Subresource Integrity(SRI) Implementation with AEM Client Libraries | Community
Skip to main content
pankajk19193341
pankajk19193341
November 2, 2017
Solved

Subresource Integrity(SRI) Implementation with AEM Client Libraries

  • November 2, 2017
  • 4 replies
  • 4214 views

Hi,

I am working on a client requirement to implement subresource integrity on our website to make it more secure, which would require adding attribute named "integrity" with cryptographic digest of client library to client lib JS/CSS file reference.

As it would require certain degree of customization, I wanted to check if anyone has implemented this feature with AEM.

Thanks in Advance,

Pankaj

    This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
    Best answer by kautuk_sahni

    The way I can think here is:

    1. Manually

    2. You need to create your tag which uses the HtmlLibraryManager to get the list of includes for a particular category (or set of categories) and use those to output the appropriate HTML.

    // HtmlLibraryManager provides access to repository defined html libraries.

    Reference Git Project :- GitHub - nateyolles/aem-clientlib-async: Create AEM clientlibs that can output 'async', 'defer' and 'onload' attributes …

    // To Create AEM clientlibs that can output 'async', 'defer' and 'onload' attributes on your HTML script elements.

    Meanwhile, i have asked internal experts to share their thoughts on this.

    ~kautuk

    4 replies

    kautuk_sahni
    Community Manager
    kautuk_sahniCommunity ManagerAccepted solution
    Community Manager
    November 3, 2017

    The way I can think here is:

    1. Manually

    2. You need to create your tag which uses the HtmlLibraryManager to get the list of includes for a particular category (or set of categories) and use those to output the appropriate HTML.

    // HtmlLibraryManager provides access to repository defined html libraries.

    Reference Git Project :- GitHub - nateyolles/aem-clientlib-async: Create AEM clientlibs that can output 'async', 'defer' and 'onload' attributes …

    // To Create AEM clientlibs that can output 'async', 'defer' and 'onload' attributes on your HTML script elements.

    Meanwhile, i have asked internal experts to share their thoughts on this.

    ~kautuk

    Kautuk Sahni
      D
      davidef34326447
      Level 3
      May 4, 2020
      Hi, is there some update about the possibility to manage this attribute with AEM?
      pankajk19193341
      pankajk19193341Author
      November 3, 2017

      Thanks Kautuk for the direction, it definitely looks promising. I will update here if I am able to leverage it to achieve SRI with clientslibs.

      Looking forward for more feedback.

      P
      PrathibaLi
      November 8, 2023

      Hello May i know if ou were successfully able to implement the SRI, if yes can you share more details on that

       

      V
      vijender_21
      June 4, 2018

      Hi Pankaj,

      Did you get SRI implemented in your site and it seems it is not supported in IE.

      Please update.

      Thanks,

      Vijender

      arunpatidar
      Community Advisor
      arunpatidarCommunity Advisor
      Community Advisor
      June 4, 2018

      Hi Vijender,

      Yes, integrity attribute does not supported in IE.

      FeatureChromeFirefox (Gecko)Internet ExplorerOperaSafari
      The integrity attribute for <script> and <link>45.043 (43)No support3211 [1]

      more info - Subresource Integrity - Web security | MDN

      Thanks

      Arun

      Arun Patidar
      Terms & ConditionsAccessibility statement

      Loading footer...