Subresource Integrity (SRI) in Browsers

What is Subresource Integrity (SRI)?

Subresource Integrity (SRI) is a security feature in modern web browsers that helps protect web applications when a resource they load has been modified without the site's knowledge.

It allows a website to ensure that the resources (such as JavaScript or CSS files) it fetches from external sources have not been tampered with during delivery.

How It Works

SRI works by comparing cryptographic hashes. The page author generates a hash of the expected resource and places it in the HTML source; the browser computes the hash of the resource it actually fetched and compares the two. If the hashes match, the resource is considered unmodified and is loaded by the browser. If they don't match, the resource is blocked to protect against potential attacks.

Usage

To use SRI in your HTML, you can include the integrity attribute within your <script> or <link> tags:

    <script src="example.js" integrity="sha384-abc123456789" crossorigin="anonymous"></script>
    <link rel="stylesheet" href="styles.css" integrity="sha256-def456789123" crossorigin="anonymous">

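The integrity attribute contains the hash of the expected resource, prefixed with the name of the hash algorithm (the values above are shortened placeholders, not real hashes). For resources loaded from another origin, the crossorigin attribute should be set to "anonymous" for SRI to work correctly.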
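
The hash generation from "Usage" and the comparison from "How It Works", as an added example that is not part of the original page: it builds an integrity value and applies a simplified model of the browser's check (tokens and base64 text are compared as exact strings). The function names and the sample script contents are assumptions made for illustration.

```python
import base64
import hashlib

# Hash algorithms defined for SRI, ordered weakest to strongest.
ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_value(content: bytes, algorithm: str = "sha384") -> str:
    """Build an integrity attribute value: '<algorithm>-<base64 digest>'."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def integrity_matches(content: bytes, integrity: str) -> bool:
    """Hash the fetched bytes and compare them with the attribute value."""
    parsed = []
    for token in integrity.split():
        algorithm, sep, expected = token.partition("-")
        if sep and algorithm in ALGORITHMS:
            # Drop any '?options' suffix after the digest.
            parsed.append((algorithm, expected.split("?", 1)[0]))
    if not parsed:
        # No usable hash (for example a misspelled algorithm name):
        # nothing is enforced and the resource loads unchecked.
        return True
    # Only hashes of the strongest algorithm listed are considered.
    strongest = max((a for a, _ in parsed), key=ALGORITHMS.index)
    return any(
        sri_value(content, a) == f"{a}-{e}" for a, e in parsed if a == strongest
    )


# Constructed sample data: a script as published, and a modified copy.
ORIGINAL = b"console.log('hello');\n"
TAMPERED = b"console.log('changed');\n"

if __name__ == "__main__":
    value = sri_value(ORIGINAL)
    print(f'<script src="example.js" integrity="{value}" '
          'crossorigin="anonymous"></script>')
    print("original loads:", integrity_matches(ORIGINAL, value))
    print("tampered loads:", integrity_matches(TAMPERED, value))
```

The empty-result branch is worth checking in a build pipeline: an integrity attribute that contains no recognized algorithm does not block anything, so validate generated values before publishing them.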