author | jomo <github@jomo.tv> | 2015-12-03 23:07:46 +0100 |
---|---|---|
committer | jomo <github@jomo.tv> | 2015-12-03 23:12:04 +0100 |
commit | 560f83ce88097d43e00d1b6cdefbf85906a97583 (patch) | |
tree | db8178693280cdaf8bde2c4b86b75e62cf493381 | |
parent | e50f1fffee2305ae5ec1273ba63cd0852a9f47e3 (diff) |
use Subresource Integrity for externally hosted javascript
browsers will calculate the sha256 hash of the script and compare it to the value of the integrity attribute
if the values do not match, the browser will refuse to execute it.
note: the shasum is written in base64 encoding, not the (more common) hex format!
-rw-r--r-- | app/views/layouts/application.html.erb | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/app/views/layouts/application.html.erb b/app/views/layouts/application.html.erb index 2839b9c..0b91a6a 100644 --- a/app/views/layouts/application.html.erb +++ b/app/views/layouts/application.html.erb @@ -7,7 +7,7 @@ <%= stylesheet_link_tag "application", :media => "all" %> <%= csrf_meta_tags %> <%= favicon_link_tag "favicon.ico" %> - <%= javascript_include_tag "https://cdn.rawgit.com/jomo/ago.js/master/ago.min.js" %> + <%= javascript_include_tag "https://cdn.rawgit.com/jomo/ago.js/master/ago.min.js", crossorigin: :anonymous, integrity: "sha256-xw0JUUdbuZQCVO+QScoxrlEsD4nZGCjMRh9PP8GLhcY=" %> <%= javascript_include_tag "application" %> <link type="application/atom+xml" rel="alternate" href="<%= blogposts_path(:atom) %>"> <%= yield(:site_headers) %> |
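Review bot: In the changed `javascript_include_tag` line, the integrity value is pinned but the URL still references the `master` branch (`https://cdn.rawgit.com/jomo/ago.js/master/ago.min.js`), which is a ref that can move. If the file served at that URL ever changes, the hash will no longer match and, as the commit message says, the browser will refuse to execute the script, so the page loses ago.js until someone updates the attribute. Consider pointing the URL at a tag or commit so the content and the `sha256-...` value change together, or vendoring the file into the application's own assets. An ERB comment next to the tag noting how the value was produced (SHA-256 digest of the file, base64-encoded) would also help whoever has to update it later, since that detail currently lives only in the commit message.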