Uh oh!
There was an error while loading.Please reload this page.
- Notifications
You must be signed in to change notification settings - Fork9.6k
[AssetMapper] Add Integrity Hashes to ImportMap (wip)#58722
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to ourterms of service andprivacy statement. We’ll occasionally send you account related emails.
Already on GitHub?Sign in to your account
Uh oh!
There was an error while loading.Please reload this page.
Conversation
This is a basic implementation to support integrity hashes within import maps:- Computes a base64-encoded SHA-384 digest in the factory.- Renders the integrity attribute for JavaScript files in the import map.**TODO**- [ ] Make the integrity hash optional (e.g., through a constructor argument in the factory)- [ ] Compute hashes only for certain assets / types / paths ?- [ ] Expose configuration settings- [ ] Adapt the FrameworkBundle / DI- [ ] Determine handling approach for CSS files**Sources**- [Subresource Integrity (SRI) Goals - W3C](https://www.w3.org/TR/SRI/#goals)- [JSPM: JS Integrity with Import Maps](https://jspm.org/js-integrity-with-import-maps)_PS: I'm a bit short on time lately... so if anyone wants to help or take over, please feel free!_
pierreboissinot commentedOct 30, 2024
Hi@smnandre , I'll be glad to continue to help after the week-end. |
pierreboissinot commentedNov 6, 2024
Hi@smnandre , did you checksmnandre#1 ? |
9bd9761 to82b44daCompareThere was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Such a nice addition 🤩
| if (null !== $content) { | ||
| return 'sha384-'.base64_encode(hash('sha384', $content, true)); | ||
| } | ||
| return 'sha384-'.base64_encode(hash_file('sha384', $asset->sourcePath, true)); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Could be simplified to:
| if (null !==$content) { | |
| return'sha384-'.base64_encode(hash('sha384',$content,true)); | |
| } | |
| return'sha384-'.base64_encode(hash_file('sha384',$asset->sourcePath,true)); | |
| $hash =$content !==null ?hash('sha384',$content,true) :hash_file('sha384',$asset->sourcePath,true); | |
| return'sha384-'.base64_encode($hash); |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others.Learn more.
Not sure if adding a var is worth it here. This code is not in the hotpath, so i'd maybe vote for code readability.
wdyt ?
@smnandre Is it still something you want to finish working on? |
I may find some time to.. but not before mid-week :| |
Closing in favor of#60378 that did find the time. Thank you@pierreboissinot for the early help, sorry to not have found more time on this topic. |
-- Opening early to (hopefully) gather feedback and ideas --
This is a basic implementation to support integrity hashes within import maps:
TODO
Sources
PS: I'm a bit short on time lately... so if anyone wants to help or take over, please feel free!