Subresource Integrity or SRI is a W3C recommendation to provide a method to protect website delivery. Specifically, it validates assets served by a third party, such as a content delivery network (CDN). This ensures these assets have not been compromised for hostile purposes.
To use SRI, a website author wishing to include a resource from a third party can specify a cryptographic hash of the resource in addition to the location of the resource. Browsers fetching the resource can then compare the hash provided by the website author with the hash computed from the resource. If the hashes don't match, the resource is discarded.[1]
A sample script element with the integrity and crossorigin attributes used by SRI:
<script src="https://cdn.example.com/app.js" integrity="sha384-+/M6kredJcxdsqkczBUjMLvqyHb1K/JThDXWsBVxMEeZHEaMKEOEct339VItX1zB" crossorigin="anonymous"></script>
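The following is an added example, not code from the original page: it computes an integrity value for a resource and repeats the comparison a browser performs on fetch. It goes beyond the single-hash case above by handling an attribute that lists several hashes, where the SRI specification has the browser use the strongest algorithm present. The function names and the sample resource bytes are assumptions made for illustration.

```python
import base64
import hashlib

# Hash functions defined for SRI, ordered weakest to strongest.
ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_value(body: bytes, alg: str = "sha384") -> str:
    """Return the integrity attribute value for the given resource bytes."""
    digest = hashlib.new(alg, body).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"


def parse_integrity(attr: str) -> dict:
    """Group the digests in an integrity attribute by algorithm, skipping unknown tokens."""
    parsed = {}
    for token in attr.split():
        alg, sep, value = token.partition("-")
        value = value.split("?", 1)[0]  # drop an optional "?options" suffix
        if sep and value and alg.lower() in ALGORITHMS:
            parsed.setdefault(alg.lower(), []).append(value)
    return parsed


def resource_matches(body: bytes, attr: str) -> bool:
    """Compare the fetched bytes against the strongest algorithm listed in attr."""
    parsed = parse_integrity(attr)
    if not parsed:
        return True  # no usable metadata, so there is nothing to enforce
    strongest = max(parsed, key=ALGORITHMS.index)
    actual = sri_value(body, strongest).split("-", 1)[1]
    return actual in parsed[strongest]  # compares the base64 text of the digests


if __name__ == "__main__":
    original = b"console.log('app');\n"       # constructed stand-in for app.js
    tampered = original + b"/* modified */"   # constructed altered copy
    attr = sri_value(original)
    print(attr)
    print(resource_matches(original, attr), resource_matches(tampered, attr))
```

A resource that matches only a weaker hash in the attribute is still rejected when a stronger hash is listed, which is why a stale sha256 entry cannot be used to bypass an updated sha512 one.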