Subresource Integrity (SRI)
Author: Vaibhav Malik
## Description
Subresource Integrity (SRI) is a browser security mechanism for checking the integrity of resources a page fetches
from external sources, such as Content Delivery Networks (CDNs). With SRI, you specify a cryptographic hash that the
fetched resource must match; the browser computes the hash of the bytes it actually received and refuses to use the
resource if the two differ. This protects against an attacker injecting malicious code into a resource hosted on a
server you do not control, and against a CDN accidentally serving a corrupted file. By using SRI, you add an extra
layer of protection for your users on top of the security of your own application.
Web sites often rely on resources hosted on third-party servers, such as
JavaScript libraries or CSS stylesheets. However, using these resources introduces risks:
1. The third-party server could get compromised, leading to the resources being modified to include malicious content.
2. Network attacks could modify the resources en route from the third-party server to the user's browser.
SRI helps mitigate these risks by ensuring that the browser only executes or applies resources whose content
matches the expected hash. If a fetched resource doesn't match the hash, the browser discards it instead of
running it, protecting the page and its users from the modified content.
To use SRI, you specify the hash of the resource you're expecting
in the `integrity` attribute of the `
SRI provides several key benefits:
- Ensures integrity of externally hosted resources
- Detects and prevents execution of tampered code
- Complements other security measures like HTTPS and CSP
- Helps maintain trust in third-party content
However, SRI also introduces some considerations:
- Requires knowing the expected hash of each resource in advance (browsers accept `sha256`, `sha384` and `sha512` digests, base64-encoded)
- Breaks the page when a resource changes, since a new version has a new hash: pin to versioned URLs rather than a `latest` alias and update the hash with every upgrade
- Cross-origin resources must be loaded with `crossorigin="anonymous"` (or `crossorigin="use-credentials"`) and the host must send `Access-Control-Allow-Origin`; otherwise the browser cannot read the response bytes to hash them and refuses to run the resource
- Doesn't protect against compromise of the main site itself, and only covers resources loaded through elements that carry an `integrity` attribute (`<script>` and `<link>`), not images or fonts
## Sample Code
Here's how you might implement SRI in a web page. The script URL and the `integrity` value below are placeholders: the real value is the base64-encoded SHA-384 digest of the exact bytes that URL serves.
```html
<!-- Placeholder src and digest: replace with the real script URL and the
     base64 SHA-384 of the bytes it serves. crossorigin is required for a
     cross-origin script, otherwise the browser cannot verify the hash. -->
<script src="https://cdn.example.com/library.js"
        integrity="sha384-REPLACE_WITH_BASE64_SHA384_DIGEST"
        crossorigin="anonymous"></script>
<h1>Hello, world!</h1>
<p>This is an example of a site using SRI.</p>
```