<script src="//cdnjs.cloudflare.com/ajax/libs/jquery/2.2.3/jquery.min.js" integrity="sha384-I6F5OKECLVtK/BL+8iSLDEHowSAfUo76ZL9+kGAgTRdiByINKJaqTPH/QVNS1VDb" crossorigin="anonymous"></script>
Notice the extra fields, integrity and crossorigin, that you may not normally be used to adding or seeing. If you're a web developer, you really want to consider adding these. Why?
The integrity attribute means that when the browser loads jQuery from CloudFlare, it calculates the hash of the file (a base64-encoded SHA-384 hash in this case, per the prefix in the attribute), compares it to the one given on the script tag, and only runs the script if the two match. So if the CDN has been hacked, or your browser is somehow being served a man-in-the-middle modified version of the file, the hashes won't match and the browser won't run it.
The crossorigin attribute is set to anonymous to ensure no credentials or identity information (e.g. basic auth or an auth cookie) are sent with the request. For a script loaded from another origin, the browser also needs this CORS-mode request to be able to verify the hash at all; without it the integrity check fails and the script is blocked.
A good, simple addition that increases the security of your site.
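The check the browser performs on the integrity attribute can be reproduced in Node.js to generate a value for your own files and to see how tampering is rejected. This is an added example, not code from the original post; the function names and the sample file contents are constructed for illustration, and it also covers attributes that list several hashes.

```javascript
// Added example: mimics a browser's SRI decision in Node.js (not the browser's real code).
const { createHash } = require('crypto');

const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 }; // algorithms SRI accepts

// Build an integrity value such as "sha384-<base64 digest>" for a file's bytes.
function computeIntegrity(bytes, algo = 'sha384') {
  return `${algo}-${createHash(algo).update(bytes).digest('base64')}`;
}

// Parse an integrity attribute: whitespace-separated "algo-digest[?options]" tokens.
function parseIntegrity(attr) {
  return attr.trim().split(/\s+/)
    .map((tok) => /^(sha256|sha384|sha512)-([A-Za-z0-9+/=]+)(\?.*)?$/.exec(tok))
    .filter(Boolean) // unknown algorithms and malformed tokens are ignored
    .map((m) => ({ algo: m[1], digest: m[2] }));
}

// True when the script would be allowed to run.
function checkIntegrity(bytes, attr) {
  const entries = parseIntegrity(attr);
  if (entries.length === 0) return true; // nothing usable to enforce
  const best = Math.max(...entries.map((e) => STRENGTH[e.algo]));
  return entries
    .filter((e) => STRENGTH[e.algo] === best) // only the strongest algorithm counts
    .some((e) => computeIntegrity(bytes, e.algo) === `${e.algo}-${e.digest}`);
}

// Constructed sample: a stand-in for the file the CDN should serve, and a tampered copy.
const original = Buffer.from('window.lib = { version: "1.0" };\n');
const tampered = Buffer.from('window.lib = { version: "1.0" }; /* extra code */\n');
const pinned = computeIntegrity(original); // value to paste into integrity="..."

function demo() {
  return {
    original: checkIntegrity(original, pinned),
    tampered: checkIntegrity(tampered, pinned),
    // A matching sha256 entry does not help when a stronger sha384 entry is present and wrong.
    downgrade: checkIntegrity(tampered, `${computeIntegrity(tampered, 'sha256')} ${pinned}`),
  };
}

console.log(pinned, demo());
```

An attribute containing only unsupported algorithms (for example an md5 token) enforces nothing, so check that the value you ship starts with sha256, sha384 or sha512.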
Copyright © 2016, this post cannot be reproduced or retransmitted in any form without reference to the original post.