
Subresource Integrity (SRI)

Explore how Subresource Integrity (SRI) enhances security by verifying that JavaScript files loaded from external sources like CDNs match expected cryptographic hashes. Understand how to use the integrity and crossorigin attributes to prevent tampering and protect user data, and see how SRI complements Content Security Policy to create safer web applications.

Content Delivery Networks (CDNs)

A content delivery network (CDN) is a group of edge servers spread out across many different locations around the world. An edge server is just a traditional server that is as geographically near to the respective end user as possible. When a user fetches a resource (like a JavaScript file) from a CDN for the first time and the resource is not available at the edge server, the edge server fetches it from the origin server, caches it, and then returns it. Subsequent requests won’t have to travel to the origin server since the resource will be cached at the CDN layer. Duplicate copies of data are stored across the edge servers so that the server closest to the user can fulfill the request.

A CDN server is often not managed directly by the application developers themselves. When using a third-party service for important tasks like resource delivery, we have to do everything we can to ensure that it is secure. Subresource Integrity (SRI) is a modern browser security feature that ensures static resources, requested from a CDN for example, are an exact match with our predefined expectations.

For each resource requested, we provide a ...
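The hash comparison behind SRI, as an added example that is not part of the original lesson: a Node.js model of how an `integrity` value is produced and how a downloaded file is checked against it. The function names, the `cdn.example.com` URL and the sample script bodies are constructed for illustration.

```javascript
// Added example: a Node.js model of the check a browser runs for SRI.
const nodeCrypto = require('crypto');

// Hash algorithms SRI accepts, weakest to strongest.
const STRENGTH = ['sha256', 'sha384', 'sha512'];

// Integrity value for some bytes: "<alg>-<base64 digest>".
function sriHash(body, alg = 'sha384') {
  return `${alg}-${nodeCrypto.createHash(alg).update(body).digest('base64')}`;
}

// Split an integrity attribute into { alg, value } entries.
// Tokens with an unsupported algorithm are dropped, as browsers do.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/).map((token) => {
    const dash = token.indexOf('-');
    return {
      alg: token.slice(0, dash).toLowerCase(),
      value: token.slice(dash + 1).split('?')[0], // ignore "?options"
    };
  }).filter((h) => STRENGTH.includes(h.alg));
}

// True when the body may be used. Only hashes of the strongest algorithm
// listed are compared, and one match among them is enough.
function verifyIntegrity(body, attr) {
  const hashes = parseIntegrity(attr);
  if (hashes.length === 0) return true; // nothing usable to check against
  const rank = (h) => STRENGTH.indexOf(h.alg);
  const best = Math.max(...hashes.map(rank));
  return hashes
    .filter((h) => rank(h) === best)
    .some((h) => sriHash(body, h.alg) === `${h.alg}-${h.value}`);
}

// Markup for a CDN script. crossorigin="anonymous" requests the file with
// CORS and no credentials, which the browser needs to verify a cross-origin file.
function scriptTag(src, body) {
  return `<script src="${src}" integrity="${sriHash(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample data: the file we reviewed and a modified copy.
const reviewed = Buffer.from('console.log("widget v1");\n');
const modified = Buffer.from('console.log("widget v1"); /* changed on the CDN */\n');
const tag = scriptTag('https://cdn.example.com/widget.js', reviewed);
console.log(tag);
console.log(verifyIntegrity(reviewed, sriHash(reviewed))); // true
console.log(verifyIntegrity(modified, sriHash(reviewed))); // false
```

Because only the strongest listed algorithm counts, an attribute that carries both a `sha256` and a `sha512` value is decided by the `sha512` value alone.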