Web Security Web Security

Challenge 8: Subresource Integrity

Learning Paths:
Check out a free preview of the full Web Security course:
The "Challenge 8: Subresource Integrity" Lesson is part of the full, Web Security course featured in this preview video. Here's what you'd learn in this lesson:

In this challenge, students add Subresource Integrity (SRI) attributes to the script and style tags to verify files fetched from a file library.

Get Unlimited Access Now

Transcript from the "Challenge 8: Subresource Integrity" Lesson

>> Mike North: Eighth exercise here, we're gonna add subresource integrity attributes to the script and styles that we're bringing in for our material design library. Now these are not ones that are hosted on some CDN somewhere. We're hosting them locally, but it's good because if we were to deploy our assets onto a CDN for example, it's possible that someone might tamper with those things, right?

[00:00:23] It has happened before. So it's good to add these integrity attributes to any external style sheet or script that we're bringing in to our app. And you should be able to see that if you go in and modify those files, because they're hosted locally, we can tweak them.

[00:00:39] We can add a new line or something. And you should see that the browser basically rejects,
>> Mike North: It does not agree to handle them and throws an error instead. So for ten minutes add subresource integrity headers. And that'll be done in your main layout view in the server views folder.