Nemcio/Grav
1
0
Fork 0
mirror of https://github.com/getgrav/grav.git synced 2026-02-27 09:01:36 +01:00
Code Issues Packages Projects Releases Activity

Fixed SRI trying to calculate remote assets, only ever set integrity for local files. Use the SRI provided by the remote source and manually add it in the addJs/addCss call for remote support. (fixes #3358)

Browse Source 
Also Fixed wrong SRI paths invoked when Grav instance as a sub folder
This commit is contained in:
Djamil Legato
2021-05-27 12:26:25 -07:00
parent 278671deec
commit d359120d81
2 changed files with 14 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
CHANGELOG.md
View File

@@ -10,6 +10,8 @@
* Fixed the first visible child page getting ordering number `999999.` [#3365](https://github.com/getgrav/grav/issues/3365)
* Fixed flex pages search using only folder name [#3316](https://github.com/getgrav/grav/issues/3316)
* Fixed flex pages using wrong type in `onBlueprintCreated` event [#3157](https://github.com/getgrav/grav/issues/3157)
* Fixed wrong SRI paths invoked when Grav instance as a sub folder [#3358](https://github.com/getgrav/grav/issues/3358)
* Fixed SRI trying to calculate remote assets, only ever set integrity for local files. Use the SRI provided by the remote source and manually add it in the `addJs/addCss` call for remote support. [#3358](https://github.com/getgrav/grav/issues/3358)
# v1.7.15
## 05/19/2021

18
system/src/Grav/Common/Assets/BaseAsset.php
View File

@@ -15,6 +15,7 @@ use Grav\Common\Grav;
use Grav\Common\Uri;
use Grav\Common\Utils;
use Grav\Framework\Object\PropertyObject;
use RocketTheme\Toolbox\File\File;
use SplFileInfo;
/**
@@ -182,16 +183,21 @@ abstract class BaseAsset extends PropertyObject
public static function integrityHash($input)
{
$grav = Grav::instance();
$uri = $grav['uri'];
$assetsConfig = $grav['config']->get('system.assets');
if ( !empty($assetsConfig['enable_asset_sri']) && $assetsConfig['enable_asset_sri'] )
{
$dataToHash = file_get_contents( GRAV_WEBROOT . $input);
if (!self::isRemoteLink($input) && !empty($assetsConfig['enable_asset_sri']) && $assetsConfig['enable_asset_sri']) {
$input = preg_replace('#^' . $uri->rootUrl() . '#', '', $input);
$asset = File::instance(GRAV_WEBROOT . $input);
$hash = hash('sha256', $dataToHash, true);
$hash_base64 = base64_encode($hash);
return ' integrity="sha256-' . $hash_base64 . '"';
if ($asset->exists()) {
$dataToHash = $asset->content();
$hash = hash('sha256', $dataToHash, true);
$hash_base64 = base64_encode($hash);
return ' integrity="sha256-' . $hash_base64 . '"';
}
}
return '';