https://www.npmjs.com/package/webpack-subresource-integrity
This plugin has two effects, one for HtmlWebpackPlugin which doesn't affect but also provides support for chunks created when we're using code splitting. It adds integrity and crossorigin attributes to dynamically loaded scripts with the hash of the loaded file.
It's an added security feature and will be important to use in conjunction with any future sites that want to use the require-sri content security policy.
Notes:
- You have to set the
output.crossOriginLoading parameter, use "anonymous" as the value
- Only need to use a single hash function eg.
hashFuncNames: [ 'sha384' ] is a good default
https://www.npmjs.com/package/webpack-subresource-integrity
This plugin has two effects, one for HtmlWebpackPlugin which doesn't affect but also provides support for chunks created when we're using code splitting. It adds
integrityandcrossoriginattributes to dynamically loaded scripts with the hash of the loaded file.It's an added security feature and will be important to use in conjunction with any future sites that want to use the
require-sricontent security policy.Notes:
output.crossOriginLoadingparameter, use "anonymous" as the valuehashFuncNames: [ 'sha384' ]is a good default