django-vite icon indicating copy to clipboard operation
django-vite copied to clipboard

Published 20 hours ago verified publisher icon MrBin99

SRI support

Open emab opened this issue 2 years ago • 0 comments

Although Vite doesn't offer first class SRI support, it's something that users of django-vite may be interested in.

Since this package allows you to host multiple JS packages via script tags on a webpage, it would be great to allow integration with the vite-plugin-manifest-sri plugin.

The plugin adds an integrity entry to the generated Vite manifest. In a fork I'm working on, I've introduced an environment variable DJANGO_VITE_USE_MANIFEST_INTEGRITY which, if enabled, attempts to use the integrity value from the Vite manifest within the script tag.

What would be your thoughts on supporting this? I realise that it requires an external plugin to even get the integrity property into the manifest, but SRI is a large concern for some users and doing it this way makes it very easy to implement.

Resource information

  • SRI - https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
  • vite-plugin-manifest-sri - https://github.com/ElMassimo/vite-plugin-manifest-sri
  • django-sri - https://github.com/RealOrangeOne/django-sri

emab avatar Jun 06 '23 15:06 emab