Implement SRI, says Moz Observatory
colindean opened this issue · 7 comments
Quoth Mozilla Observatory, which gives brew.sh a D rating as of d60d598:
Test | Pass | Score | Reason | Info |
---|---|---|---|---|
Subresource Integrity | ❌ | -5 | Subresource Integrity (SRI) not implemented, but all external scripts are loaded over HTTPS | Subresource Integrity protects against JavaScript files and stylesheets stored on content delivery networks (CDNs) from being maliciously modified. |
https://infosec.mozilla.org/guidelines/web_security#subresource-integrity has instructions.
It looks like we have some SRI in place already but need to add it to one other:
Lines 158 to 165 in d60d598
There's an issue open upstream about this: algolia/docsearch#1561
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Keep open. I have a plan that might involve moving that in-page js to a file.
This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.
Still on my todo list.
Don't think we need to keep this issue open given the PR.