Web Security Challenge 8: Subresource Integrity
Transcript from the "Challenge 8: Subresource Integrity" Lesson
>> Mike North: Eighth exercise here, we're gonna add subresource integrity attributes to the script and styles that we're bringing in for our material design library. Now these are not ones that are hosted on some CDN somewhere. We're hosting them locally, but it's good because if we were to deploy our assets onto a CDN for example, it's possible that someone might tamper with those things, right?
[00:00:23] It has happened before. So it's good to add these integrity attributes to any external style sheet or script that we're bringing in to our app. And you should be able to see that if you go in and modify those files, because they're hosted locally, we can tweak them.
[00:00:39] We can add a new line or something. And you should see that the browser basically rejects,
>> Mike North: It does not agree to handle them and throws an error instead. So for ten minutes add subresource integrity headers. And that'll be done in your main layout view in the server views folder.