add integrity metadata to preload header

2021-11-26 19:41:37 -05:00 · 2021-11-26 19:41:37 -05:00 · 4027afcf6e
commit 4027afcf6e
parent 23e42eabdf
2 changed files with 3 additions and 3 deletions
--- a/nginx/nginx.conf
+++ b/nginx/nginx.conf
@ -74,7 +74,7 @@ http {

    map $http_cookie $preload_resources {
        "~*__Host-preload=1" "";
-        default "<{{path|/main.css}}>; rel=preload; as=style, </fonts/roboto-v29-regular-latin.woff2>; rel=preload; as=font; crossorigin, </fonts/roboto-v29-bold-latin.woff2>; rel=preload; as=font; crossorigin, <{{path|/mask-icon.svg}}>; rel=preload; as=image";
+        default "<{{path|/main.css}}>; rel=preload; as=style; integrity={{integrity|/main.css}}, </fonts/roboto-v29-regular-latin.woff2>; rel=preload; as=font; crossorigin, </fonts/roboto-v29-bold-latin.woff2>; rel=preload; as=font; crossorigin, <{{path|/mask-icon.svg}}>; rel=preload; as=image";
    }

    server {
--- a/4
+++ b/4
@ -27,17 +27,17 @@ find static-tmp -name '*.js' -exec terser --ecma 2021 --module -cmo {} {} \;
 replace=""
 for file in static-tmp/**/*.css static-tmp/js/*.js static-tmp/mask-icon.svg; do
    hash=$(sha256sum "$file" | head -c 8)
+    sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A)
    dest="$(dirname $file)/$hash.$(basename $file)"

    if [[ $file == *.css ]]; then
-        sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A)
        replace+=";s@{{css|/${file#*/}}}@<link rel=\"stylesheet\" href=\"/${dest#*/}\" integrity=\"$sri_hash\"/>@g"
    elif [[ $file == *.js ]]; then
-        sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A)
        replace+=";s@{{js|/${file#*/}}}@<script type=\"module\" src=\"/${dest#*/}\" integrity=\"$sri_hash\"></script>@g"
    fi

    mv "$file" "$dest"
+    replace+=";s@{{integrity|/${file#*/}}}@${sri_hash}@g"
    replace+=";s@{{path|/${file#*/}}}@/${dest#*/}@g"
 done