From 4027afcf6ec0a1dad3c260e3ece565cd2efe6b43 Mon Sep 17 00:00:00 2001 From: Daniel Micay Date: Fri, 26 Nov 2021 19:41:37 -0500 Subject: [PATCH] add integrity metadata to preload header --- nginx/nginx.conf | 2 +- process-static | 4 ++-- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/nginx/nginx.conf b/nginx/nginx.conf index eef73d03..5dfe0835 100644 --- a/nginx/nginx.conf +++ b/nginx/nginx.conf @@ -74,7 +74,7 @@ http { map $http_cookie $preload_resources { "~*__Host-preload=1" ""; - default "<{{path|/main.css}}>; rel=preload; as=style, ; rel=preload; as=font; crossorigin, ; rel=preload; as=font; crossorigin, <{{path|/mask-icon.svg}}>; rel=preload; as=image"; + default "<{{path|/main.css}}>; rel=preload; as=style; integrity={{integrity|/main.css}}, ; rel=preload; as=font; crossorigin, ; rel=preload; as=font; crossorigin, <{{path|/mask-icon.svg}}>; rel=preload; as=image"; } server { diff --git a/process-static b/process-static index ac809e0d..307dc9ed 100755 --- a/process-static +++ b/process-static @@ -27,17 +27,17 @@ find static-tmp -name '*.js' -exec terser --ecma 2021 --module -cmo {} {} \; replace="" for file in static-tmp/**/*.css static-tmp/js/*.js static-tmp/mask-icon.svg; do hash=$(sha256sum "$file" | head -c 8) + sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A) dest="$(dirname $file)/$hash.$(basename $file)" if [[ $file == *.css ]]; then - sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A) replace+=";s@{{css|/${file#*/}}}@@g" elif [[ $file == *.js ]]; then - sri_hash=sha256-$(openssl dgst -sha256 -binary "$file" | openssl base64 -A) replace+=";s@{{js|/${file#*/}}}@@g" fi mv "$file" "$dest" + replace+=";s@{{integrity|/${file#*/}}}@${sri_hash}@g" replace+=";s@{{path|/${file#*/}}}@/${dest#*/}@g" done