[AssetMapper] Add Integrity Hashes to ImportMap (wip) #58722
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This is a basic implementation to support integrity hashes within import maps: - Computes a base64-encoded SHA-384 digest in the factory. - Renders the integrity attribute for JavaScript files in the import map. **TODO** - [ ] Make the integrity hash optional (e.g., through a constructor argument in the factory) - [ ] Compute hashes only for certain assets / types / paths ? - [ ] Expose configuration settings - [ ] Adapt the FrameworkBundle / DI - [ ] Determine handling approach for CSS files **Sources** - [Subresource Integrity (SRI) Goals - W3C](https://www.w3.org/TR/SRI/#goals) - [JSPM: JS Integrity with Import Maps](https://jspm.org/js-integrity-with-import-maps) _PS: I'm a bit short on time lately... so if anyone wants to help or take over, please feel free!_
|
Hi @smnandre , I'll be glad to continue to help after the week-end. |
|
Hi @smnandre , did you check smnandre#1 ? |
9bd9761 to
82b44da
Compare
Kocal
reviewed
Nov 7, 2024
Comment on lines
+82
to
+86
| if (null !== $content) { | ||
| return 'sha384-'.base64_encode(hash('sha384', $content, true)); | ||
| } | ||
|
|
||
| return 'sha384-'.base64_encode(hash_file('sha384', $asset->sourcePath, true)); |
There was a problem hiding this comment.
Could be simplified to:
Suggested change
| if (null !== $content) { | |
| return 'sha384-'.base64_encode(hash('sha384', $content, true)); | |
| } | |
| return 'sha384-'.base64_encode(hash_file('sha384', $asset->sourcePath, true)); | |
| $hash = $content !== null ? hash('sha384', $content, true) : hash_file('sha384', $asset->sourcePath, true); | |
| return 'sha384-'.base64_encode($hash); |
There was a problem hiding this comment.
Not sure if adding a var is worth it here. This code is not in the hotpath, so i'd maybe vote for code readability.
wdyt ?
|
@smnandre Is it still something you want to finish working on? |
|
I may find some time to.. but not before mid-week :| |
This was referenced May 16, 2025
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
-- Opening early to (hopefully) gather feedback and ideas --
This is a basic implementation to support integrity hashes within import maps:
TODO
Sources
PS: I'm a bit short on time lately... so if anyone wants to help or take over, please feel free!