broccoli-sri-hash

SRI for broccoli

This plugin looks at an apps html files to rewrite their content with integrity attributes.

Options

• origin - if crossorigin isn't specified but prepend is it will add an integrity if prepend starts with origin
• crossorigin - adds a crossorigin attribute to script and link elements
  • This is required for CORS resources values are:
    • use-credentials
    • anonymous
• prepend - resources with a full path will only get an applied integrity if the md5 checksum passes
• paranoiaCheck - true by default, this turns off the integrity attribute if any Unicode is found within the file.

Example

var sriTree = sri('path/to/code, {
  prefix: 'https://example.com/',
  crossorigin: 'anonymous'
});

'paranoiaCheck'

Currently there is an encoding issue based on certain characters which is still being debugged when using Chrome. This check fails if there is any non ASCII characters. On failure the file won't have a integrity attribute added. Please note this will be removed as a default in the future; with the desire to remove all of the checking code too.

Changelog

1.1.1

• @kellyselden fixes for node 0.10
  • windows cmd fix
  • adding promise polyfill for node 0.10
  • adding appveyor badge
  • mirroring ember-cli travis envs