sebdesign / laravel-sri
Subresource Integrity (SRI) package for Laravel
Installs: 39 061
Dependents: 0
Suggesters: 0
Security: 0
Stars: 24
Watchers: 5
Forks: 1
Open Issues: 0
Requires
- php: ^7.1|^8.0
- laravel/framework: ^5.5|^6.20.42|^7.0|^8.0|^9.0|^10.0
Requires (Dev)
- mockery/mockery: ^1.0
- orchestra/testbench: ^3.5|^4.0|^5.0|^6.0|^7.0|^8.0
- phpunit/phpunit: ^6.0|^7.0|^8.0|^9.3
README
Subresource Integrity (SRI) package for Laravel
Reference and generate Subresource Integrity (SRI) hashes from your Laravel Elixir asset pipeline.
Installation
You can install the package via composer:
composer require sebdesign/laravel-sri
Laravel 5.5 uses Package Auto-Discovery, so doesn't require you to manually add the service provider. If you don't use auto-discovery or you are using an older version, you must add the following:
// config/app.php 'providers' => [ Sebdesign\SRI\SubresourceIntegrityServiceProvider::class, ];
Usage
This package is aimed to reference SRI hashes for css
and js
files from a sri.json
file in your /public
folder. In order to generate this file, see the laravel-elixir-sri repository.
To reference the generated hashes from the sri.json
in your views, you may use the integrity
helper function with the name of the file you are using in your elixir
or asset
function.
As a fallback, if the given file is not found in the sri.json
, it will generate the appropriate hashes on the fly for your convenience.
// Use with elixir() function <link rel="stylesheet" href="{{ elixir('css/app.css') }}" integrity="{{ integrity('css/app.css') }}" crossorigin="anonymous"> // Use with asset() function <script src="{{ asset('js/app.js') }}" integrity="{{ integrity('js/app.js') }}" crossorigin="anonymous"> </script>
If you have set the output folder for the sri.json
in a different location in your Gulpfile, you can specify its path
on the config/sri.php
.
// config/sri.php 'path' => '/public/assets',
You can also override the config options by passing an array as a second argument on the integrity
helper function:
// Use different hash algorithm <link rel="stylesheet" href="{{ elixir('css/app.css') }}" integrity="{{ integrity('css/app.css', ['algorithms' => ['sha384']]) }}" crossorigin="anonymous">
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email info@sebdesign.eu instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.