sebdesign/laravel-sri

Subresource Integrity (SRI) package for Laravel

v2.2.0 2020-09-07 17:21 UTC

This package is auto-updated.

Last update: 2021-01-07 19:04:32 UTC


README

Subresource Integrity (SRI) package for Laravel

Latest Version on Packagist Software License Build Status StyleCI

Reference and generate Subresource Integrity (SRI) hashes from your Laravel Elixir asset pipeline.

Installation

You can install the package via composer:

composer require sebdesign/laravel-sri

Laravel 5.5 uses Package Auto-Discovery, so doesn't require you to manually add the service provider. If you don't use auto-discovery or you are using an older version, you must add the following:

// config/app.php
'providers' => [
    Sebdesign\SRI\SubresourceIntegrityServiceProvider::class,
];

Usage

This package is aimed to reference SRI hashes for css and js files from a sri.json file in your /public folder. In order to generate this file, see the laravel-elixir-sri repository.

To reference the generated hashes from the sri.json in your views, you may use the integrity helper function with the name of the file you are using in your elixir or asset function.

As a fallback, if the given file is not found in the sri.json, it will generate the appropriate hashes on the fly for your convenience.

// Use with elixir() function
<link
    rel="stylesheet"
    href="{{ elixir('css/app.css') }}"
    integrity="{{ integrity('css/app.css') }}"
    crossorigin="anonymous">

// Use with asset() function
<script
    src="{{ asset('js/app.js') }}"
    integrity="{{ integrity('js/app.js') }}" 
    crossorigin="anonymous">
</script>

If you have set the output folder for the sri.json in a different location in your Gulpfile, you can specify its path on the config/sri.php.

// config/sri.php
'path' => '/public/assets',

You can also override the config options by passing an array as a second argument on the integrity helper function:

// Use different hash algorithm
<link
    rel="stylesheet"
    href="{{ elixir('css/app.css') }}"
    integrity="{{ integrity('css/app.css', ['algorithms' => ['sha384']]) }}" 
    crossorigin="anonymous">

Testing

composer test

Changelog

Please see CHANGELOG for more information on what has changed recently.

Contributing

Please see CONTRIBUTING for details.

Security

If you discover any security related issues, please email info@sebdesign.eu instead of using the issue tracker.

License

The MIT License (MIT). Please see License File for more information.