Integrity checks

Policy files must use integrity checks with Subresource Integrity strings compatible with the browser integrity attribute associated with absolute URLs.

When using require() or import, all resources involved in loading are checked for integrity if a policy manifest has been specified. If a resource does not match the integrity listed in the manifest, an error will be thrown.

An example policy file that would allow loading a file checked.js:

{
  "resources": {
    "./app/checked.js": {
      "integrity": "sha384-SggXRQHwCG8g+DktYYzxkXRIkTiEYWBHqev0xnpCxYlqMBufKZHAHQM3/boDaI/0"
    }
  }
}

Each resource listed in the policy manifest can use one of the following formats to determine its location:

  1. A relative-URL string to a resource from the manifest such as ./resource.js, ../resource.js, or /resource.js.
  2. A complete URL string to a resource such as file:///resource.js.

When loading resources, the entire URL must match, including search parameters and hash fragment. ./a.js?b will not be used when attempting to load ./a.js, and vice versa.

To generate integrity strings, a script such as node -e 'process.stdout.write("sha256-");process.stdin.pipe(crypto.createHash("sha256").setEncoding("base64")).pipe(process.stdout)' < FILE can be used.

Integrity can be specified as the boolean value true to accept any body for the resource which can be useful for local development. It is not recommended in production since it would allow unexpected alteration of resources to be considered valid.