twbs
Support CDN usage
Using Bootstrap from CDN requires an exact version number that is not tied to gem releases. Although historically Bootstrap::VERSION has mirrored the official Bootstrap version number, this might not always be the case. Therefore, this patch adds Bootstrap::VENDOR_VERSION, which is updated by the updater task.
Additionally, it is best practice to employ subresource integrity hashes when using any public CDN. To support this, this patch adds Bootstrap::VENDOR_INTEGRITY, which is a Hash mapping asset names to their properly-encoded integrity hashes. This Hash is also updated by the updater task.
Here is an example of usage:
<script
src="https://stackpath.bootstrapcdn.com/bootstrap/<%= Bootstrap::VENDOR_VERSION %>/js/bootstrap.bundle.min.js"
integrity="<%= Bootstrap::VENDOR_INTEGRITY["bootstrap.bundle.min.js"] %>"
crossorigin="anonymous"></script>
It would be nice to wrap that up in a helper method like <%= Bootstrap.js_cdn_tag(bundle: true) %>, but I wasn't sure if that would be considered outside the scope of this gem. It would endorse a specific CDN, but perhaps that's acceptable, since it is the official Bootstrap CDN. Also, the helper method should probably include something akin to .try(:html_safe), which might feel out of place.
Either way, I can add mention of this to the README, if desired.
