How to disable subresource integrity in a js file for newly added javascript function for testing at development server?

  • Question

  • User1863743076 posted

    In an ASP.NET Web Forms page, the script element below is included

    The development server is enabled for subresource integrity. I have added a new JavaScript function in pagevalidations.js. During runtime, the function is not called and the following error is thrown:

    Failed to find a valid digest in the 'integrity' attribute for resource .../pagevalidations.js. the resource has been blocked

    How to disable the 'integrity' feature for the particular script element for testing the functionality on the development server (so that, before production deployment, a new hash key will be generated for the pagevalidations.js file with the updated/new JS function added, and will be updated in this script element accordingly)?

    Thanks in Advance.

    Friday, April 16, 2021 2:07 AM

All replies

  • User475983607 posted

    How to disable 'integrity' feature for the particular script element for testing the functionality at development server 

    Remove the "integrity" property from the script element while testing. Then the browser will not compare the JavaScript file to the hash.

    Friday, April 16, 2021 1:44 PM
  • User1535942433 posted

    Hi Brillia,

    Fetching external resources, for example from a CDN, without verifying their integrity could impact the security of an application if the CDN gets compromised and resources are replaced by malicious ones. The resource integrity feature will block the inclusion of resources into an application if the pre-computed digest of the expected resource doesn't match the digest of the retrieved resource.

    I recommend Secure Coding Practices:

    • implement resources integrity checks for all static resources (where "static" means that the resource's content doesn't change dynamically based on the browser)
    • use versioned resources instead of using "latest" version of the resource

    <script src="https://cdnexample.com/script.js" integrity="sha384-oqVuAfXRKap7fdgcCY5uykM6+R9GqQ8K/uxy9rx7HNQlGYl1kPzQho1wx4JwY8wC"></script> <!-- Compliant: integrity value should be replaced with the digest of the expected resource -->

    For more details, you could refer to the article below:

    https://rules.sonarsource.com/html/RSPEC-5725

    Best regards,

    Yijing Sun

    Monday, April 19, 2021 2:28 AM