mirror of
https://github.com/getgrav/grav.git
synced 2026-07-04 13:48:37 +02:00
Add SRI integrity hash to assets (#3256)
* Added default setting to enable/disable assets SRI * Added system options to enable/disable assets SRI * Added integrityHash function to create asset SRI * Output SRI integrity hash on CSS assets * Output SRI integrity hash for JS assets * Updated integrityHash visibility (protected => public) * Add SRI integrity hash to CSS and JS pipelines * Made integrityHash static
committed by
GitHub
parent
47bc6b0411
commit
3b6f5353fd
@@ -1005,6 +1005,17 @@ form:
|
||||
0: PLUGIN_ADMIN.NO
|
||||
validate:
|
||||
type: bool
|
||||
|
||||
assets.enable_asset_sri:
|
||||
type: toggle
|
||||
label: PLUGIN_ADMIN.ENABLED_SRI_ON_ASSETS
|
||||
help: PLUGIN_ADMIN.ENABLED_SRI_ON_ASSETS_HELP
|
||||
highlight: 0
|
||||
options:
|
||||
1: PLUGIN_ADMIN.YES
|
||||
0: PLUGIN_ADMIN.NO
|
||||
validate:
|
||||
type: bool
|
||||
|
||||
assets.collections:
|
||||
type: multilevel
|
||||
|
||||
@@ -127,6 +127,7 @@ assets: # Configuration for Assets Mana
|
||||
js_pipeline_before_excludes: true # Render the pipeline before any excluded files
|
||||
js_minify: true # Minify the JS during pipelining
|
||||
enable_asset_timestamp: false # Enable asset timestamps
|
||||
enable_asset_sri: false # Enable asset SRI
|
||||
collections:
|
||||
jquery: system://assets/jquery/jquery-2.x.min.js
|
||||
|
||||
|
||||
@@ -10,6 +10,7 @@
|
||||
namespace Grav\Common\Assets;
|
||||
|
||||
use Grav\Common\Assets\Traits\AssetUtilsTrait;
|
||||
use Grav\Common\Config\Config;
|
||||
use Grav\Common\Grav;
|
||||
use Grav\Common\Uri;
|
||||
use Grav\Common\Utils;
|
||||
@@ -171,6 +172,31 @@ abstract class BaseAsset extends PropertyObject
|
||||
|
||||
return $this;
|
||||
}
|
||||
|
||||
/**
|
||||
* Receive asset location and return the SRI integrity hash
|
||||
*
|
||||
* @param $input
|
||||
*
|
||||
* @return string
|
||||
*/
|
||||
public static function integrityHash( $input )
|
||||
{
|
||||
$grav = Grav::instance();
|
||||
|
||||
$assetsConfig = $grav['config']->get('system.assets');
|
||||
|
||||
if ( !empty($assetsConfig['enable_asset_sri']) && $assetsConfig['enable_asset_sri'] )
|
||||
{
|
||||
$dataToHash = file_get_contents( GRAV_ROOT . $input);
|
||||
|
||||
$hash = hash('sha256', $dataToHash, true);
|
||||
$hash_base64 = base64_encode($hash);
|
||||
return ' integrity="sha256-' . $hash_base64 . '"';
|
||||
}
|
||||
|
||||
return '';
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
|
||||
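Review bot: In `integrityHash()` the return value of `file_get_contents(GRAV_ROOT . $input)` is never checked, so when the path does not resolve to a readable local file the function still emits an `integrity` attribute, computed over a failed read. `$input` is the same string the callers write into `href`/`src`, so a remote URL or a value carrying a base-URL prefix would presumably miss on disk, and the browser would then refuse the asset because the digest cannot match. Returning `''` when the file is not readable keeps such assets loading, and `hash_file()` avoids reading the whole file into a PHP string on every render. A digest recomputed from disk at render time always matches whatever is on disk, so it protects the response in transit or in a cache but not the file on the server; the docblock should say so and give the parameter a type (`@param string $input`).

```php
public static function integrityHash( $input )
{
    // … unchanged: config lookup and enable_asset_sri check …
        $path = GRAV_ROOT . $input;
        if (!is_file($path) || !is_readable($path)) {
            // Not a local file (remote URL, prefixed path): emit no attribute
            // rather than a digest the browser can never match.
            return '';
        }

        $hash = hash_file('sha256', $path, true);
        if ($hash === false) {
            return '';
        }
        // … unchanged: base64_encode($hash) and the integrity="sha256-…" return …
```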
@@ -47,6 +47,6 @@ class Css extends BaseAsset
|
||||
return "<style>\n" . trim($buffer) . "\n</style>\n";
|
||||
}
|
||||
|
||||
return '<link href="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . ">\n";
|
||||
return '<link href="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . $this->integrityHash($this->asset) . ">\n";
|
||||
}
|
||||
}
|
||||
|
||||
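Review bot: The new `<link>` line calls the static method through the instance, `$this->integrityHash($this->asset)`, while Pipeline in this same commit uses `BaseAsset::integrityHash(...)`; a static call reads more clearly as `self::integrityHash(...)`. The `href` is built from `trim($this->asset)` but the untrimmed value is what gets hashed, so both should use the same string: `self::integrityHash(trim($this->asset))`. The same two points apply to the `<script src=…>` line in the Js hunk. The enclosing method starts outside the hunk.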
@@ -43,6 +43,6 @@ class Js extends BaseAsset
|
||||
return '<script' . $this->renderAttributes() . ">\n" . trim($buffer) . "\n</script>\n";
|
||||
}
|
||||
|
||||
return '<script src="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . "></script>\n";
|
||||
return '<script src="' . trim($this->asset) . $this->renderQueryString() . '"' . $this->renderAttributes() . $this->integrityHash($this->asset) . "></script>\n";
|
||||
}
|
||||
}
|
||||
|
||||
@@ -9,6 +9,7 @@
|
||||
|
||||
namespace Grav\Common\Assets;
|
||||
|
||||
use Grav\Common\Assets\BaseAsset;
|
||||
use Grav\Common\Assets\Traits\AssetUtilsTrait;
|
||||
use Grav\Common\Config\Config;
|
||||
use Grav\Common\Grav;
|
||||
@@ -148,7 +149,7 @@ class Pipeline extends PropertyObject
|
||||
$output = "<style>\n" . $buffer . "\n</style>\n";
|
||||
} else {
|
||||
$this->asset = $relative_path;
|
||||
$output = '<link href="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . ">\n";
|
||||
$output = '<link href="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . BaseAsset::integrityHash($this->asset) . ">\n";
|
||||
}
|
||||
|
||||
return $output;
|
||||
@@ -211,7 +212,7 @@ class Pipeline extends PropertyObject
|
||||
$output = '<script' . $this->renderAttributes(). ">\n" . $buffer . "\n</script>\n";
|
||||
} else {
|
||||
$this->asset = $relative_path;
|
||||
$output = '<script src="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . "></script>\n";
|
||||
$output = '<script src="' . $relative_path . $this->renderQueryString() . '"' . $this->renderAttributes() . BaseAsset::integrityHash($this->asset) . "></script>\n";
|
||||
}
|
||||
|
||||
return $output;
|
||||
|
||||
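Review bot: `use Grav\Common\Assets\BaseAsset;` imports a class from the namespace this file already declares (`namespace Grav\Common\Assets;`), so the import is redundant and `BaseAsset::integrityHash()` resolves without it. In both changed lines the value hashed is `$relative_path`, the same string written into `href`/`src`. Whether `GRAV_ROOT . $relative_path` is the pipelined file's location on disk is not visible in these hunks, so a short comment at `$this->asset = $relative_path;` stating what the path is relative to would help, for example `// path relative to GRAV_ROOT, also used to locate the file for the SRI digest`. Both enclosing methods start outside the hunks.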