Subresource Integrity (1.1.0, released)
A simple way to compute the base64-encoded SHA (256, 384, 512) hash of asset files used in `link` and `script` tags.
Clone URL: https://github.com/DeuxHuitHuit/sri.git
Add as a submodule: `git submodule add https://github.com/DeuxHuitHuit/sri.git extensions/sri --recursive`
Compatibility
2.x.x | 2.1.x | 2.2.x | 2.3.x | 2.4.x | 2.5.x | 2.6.x | 2.7.0 | 2.7.1 | 2.7.2 | 2.7.3 | 2.7.4 | 2.7.5 | 2.7.6 | 2.7.7 | 2.7.8 | 2.7.9 | 2.7.10 |
---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
No | No | No | No | No | No | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 | 1.1.0 |
Readme
Subresource Integrity
A simple way to compute the base64-encoded SHA (256, 384, 512) hash of asset files used in `link` and `script` tags.
SPECS
- You specify the files in an XML file (`manifest/sri.xml`)
- The results are in the provided data source
See https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity for more details on SRI.
REQUIREMENTS
- Symphony CMS version 2.6.0 and up (as of the day of the last release of this extension)
INSTALLATION
- `git clone` / download and unpack the tarball file
- Put into the extension directory
- Enable/install just like any other extension
You can also install it using the extension downloader. Just search for `sri`.
For more information, see http://getsymphony.com/learn/tasks/view/install-an-extension/
HOW TO USE
- Create the `manifest/sri.xml` file
- Fill it up
- Add the SRI data sources to pages that need them
- Set the `integrity` attribute accordingly
`sri.xml` file
This file must contain a list of all files for which the integrity hash needs to be computed. The file must follow this schema:
```xml
<?xml version="1.0" encoding="UTF-8"?>
<files hash="sha512">
    <file>symphony/assets/css/symphony.min.css</file>
    <file hash="sha256">symphony/assets/js/symphony.min.js</file>
</files>
```
File paths are relative to the `DOCROOT` and must never start with a leading slash. The hash algorithm can be specified globally by setting the `hash` attribute of the root-level tag. It can also be specified on a per-file basis, using the same `hash` attribute.
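The manifest rules above, as an added example that is not the extension's own code: it resolves the global and per-file `hash` attribute, enforces relative paths, and builds the `algo-base64` integrity value with `hash_file()`. The function name `sri_from_manifest`, the constructed temporary assets, and the choices to reject unsupported algorithms and paths that resolve outside DOCROOT are assumptions, not documented behaviour of the extension.

```php
<?php
// Added example, not the extension's code: resolve each <file> entry of an
// sri.xml manifest to its integrity value. Names here are hypothetical.
const SRI_ALGOS = ['sha256', 'sha384', 'sha512'];

function sri_from_manifest(string $xml, string $docroot): array
{
    $root = simplexml_load_string($xml);
    if ($root === false || $root->getName() !== 'files') {
        throw new InvalidArgumentException('manifest root must be <files>');
    }
    $global = (string) $root['hash'];
    $base = realpath($docroot);
    $out = [];
    foreach ($root->file as $file) {
        $path = trim((string) $file);
        // The per-file hash attribute overrides the root-level one.
        $algo = (string) $file['hash'] ?: $global;
        if (!in_array($algo, SRI_ALGOS, true)) {
            throw new InvalidArgumentException("unsupported hash '$algo' for $path");
        }
        // Paths are relative to DOCROOT and must not start with a slash.
        if ($path === '' || $path[0] === '/') {
            throw new InvalidArgumentException("path must be relative: '$path'");
        }
        // Assumption: refuse anything that resolves outside DOCROOT (e.g. via "..").
        $real = realpath(rtrim($docroot, '/') . '/' . $path);
        $inside = $real !== false && strpos($real, $base . DIRECTORY_SEPARATOR) === 0;
        if (!$inside || !is_file($real)) {
            throw new RuntimeException("not a readable file under DOCROOT: $path");
        }
        // hash_file() streams the file; the raw digest is then base64-encoded.
        $out[$path] = $algo . '-' . base64_encode(hash_file($algo, $real, true));
    }
    return $out;
}

// Constructed sample input: a temporary DOCROOT holding two small assets.
$docroot = sys_get_temp_dir() . '/sri-demo-' . bin2hex(random_bytes(4));
mkdir($docroot . '/assets', 0700, true);
file_put_contents($docroot . '/assets/site.css', "body{margin:0}\n");
file_put_contents($docroot . '/assets/site.js', "console.log('hi');\n");
$manifest = <<<XML
<files hash="sha512">
    <file>assets/site.css</file>
    <file hash="sha256">assets/site.js</file>
</files>
XML;
print_r(sri_from_manifest($manifest, $docroot));
```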
`integrity` attribute
Using the provided data source, you can output the right value with either one of:
```xslt
<!-- Using the filename attribute -->
<script src="/path/to/file.ext" integrity="{/data/sri/file[@filename='file.ext']/@integrity}"></script>
<!-- Using the complete path -->
<link href="/path/to/file.ext" integrity="{/data/sri/file[.='path/to/file.ext']/@integrity}" />
```
Data Source
The data source outputs some useful information. Also, any exception thrown during the data source execution process is logged into Symphony's logs.
```xml
<sri>
    <file filename="symphony.min.css" hash="sha512" integrity="sha512-0UfXWfRg5GzU/l6VXUKRMl3TFmz0FijSoJMt3vmfjwTkYztMDWqpvFZ4F4eMY9c5C+/n49cuFya8A0vN95deug==" cache="miss-saved">symphony/assets/css/symphony.min.css</file>
    <file filename="symphony.min.js" hash="sha256" integrity="sha256-8jb0A0Ei0W+is2NHkiAeUdWDrXPhYQeoFGF6ljIKCKs=" cache="hit">symphony/assets/js/symphony.min.js</file>
</sri>
```
- `filename` contains the name of the file
- `hash` contains the hash algorithm used
- `integrity` contains the value set in the `integrity` attribute
- `cache` contains info about the cache. Possible values are
  - `miss`: Not found in cache nor was the cache updated
  - `saved-miss`: Not found in cache but saved for future use
  - `hit`: Integrity value found in cache
  - `disabled`: Cache is disabled
Caching
This extension uses Symphony's database-driven cache provider in order to avoid reading each file and computing the hash on each request. The cache TTL is 30 days, but the data source checks the file's modified time before using any value from the cache. If the file changed, the hash is updated.
LICENSE
Made with love in Montréal by Deux Huit Huit
Copyright (c) 2016
Version history
Symphony 2.6.0 to 2.x.x
- Add support for running multiple hosts with the same database
Symphony 2.6.0 to 2.x.x
- Prevent logs from filling up when a file does not exist
Symphony 2.6.0 to 2.x.x
- Use `hash_file()` instead of `hash(file_get_contents())`
Symphony 2.6.0 to 2.x.x
- First release