Subresource Integrity(SRI) Implementation with AEM Client Libraries

pankajk19193341

02-11-2017

Hi,

I am working on a client requirement to implement subresource integrity on our website to make it more secure, which would require adding attribute named "integrity" with cryptographic digest of client library to client lib JS/CSS file reference.

As it would require certain degree of customization, I wanted to check if anyone has implemented this feature with AEM.

Thanks in Advance,

Pankaj

Accepted Solutions (1)

Accepted Solutions (1)

kautuk_sahni

Community Manager

02-11-2017

The way I can think here is:

1. Manually

2. You need to create your tag which uses the HtmlLibraryManager to get the list of includes for a particular category (or set of categories) and use those to output the appropriate HTML.

// HtmlLibraryManager provides access to repository defined html libraries.

Reference Git Project :- GitHub - nateyolles/aem-clientlib-async: Create AEM clientlibs that can output 'async', 'defer' and ...

// To Create AEM clientlibs that can output 'async', 'defer' and 'onload' attributes on your HTML script elements.

Meanwhile, i have asked internal experts to share their thoughts on this.

~kautuk

Answers (3)

Answers (3)

Arun_Patidar

MVP

04-06-2018

Hi Vijender,

Yes, integrity attribute does not supported in IE.

FeatureChromeFirefox (Gecko)Internet ExplorerOperaSafari
The integrity attribute for <script> and <link>45.043 (43)No support3211 [1]

more info - Subresource Integrity - Web security | MDN

Thanks

Arun

pankajk19193341

03-11-2017

Thanks Kautuk for the direction, it definitely looks promising. I will update here if I am able to leverage it to achieve SRI with clientslibs.

Looking forward for more feedback.