You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This plugin will ensure that bundles have not been tampered with, and allow for trusted use of third-party hosting for bundles (such as a public CDN). The general implementation will be as follows:
add an additional provider with the following behavior:
on load: check for a global variable containing a map of bundle filenames to their SHA-1 hashes
on load: if global variable not found, notify the user with an alert() and set internal state such that any requests go to the next runtime bundle provider
on module request: if the module is not contained within a hashed bundle, fall back to the next runtime module provider
on module request: if module is contained within a hashed bundle, create an XHR request for the bundle in question, rather than a script tag
on request success: when XHR 200 response comes back, generate a SHA-1 hash of the bundle's raw text [1]
on request success: if the hash does not match, notify the user with an alert()
on request success: if the hash does match, create a new <script> tag with a src value of data:text/javascript,... [2]
add transform to emitRawBundles step
generate SHA-1 hashes of bundle.raw values [1]
create map of bundle filenames to SHA-1 hashes
append output file to array of bundles, which when loaded sets a global variable that contains the filename:SHA-1 map
Constraints:
script containing hashes must be loaded as a separate script or inlined into the HTML on initial page load
server hosting signed bundles must support XHR requests for the loaded site
Implement the
interlock-signed
plugin.This plugin will ensure that bundles have not been tampered with, and allow for trusted use of third-party hosting for bundles (such as a public CDN). The general implementation will be as follows:
alert()
and set internal state such that any requests go to thenext
runtime bundle providernext
runtime module provideralert()
<script>
tag with asrc
value ofdata:text/javascript,...
[2]transform
toemitRawBundles
stepbundle.raw
values [1]filename:SHA-1
mapConstraints:
[1] http://www.movable-type.co.uk/scripts/sha1.html
[2] https://developer.mozilla.org/en-US/Add-ons/Code_snippets/Rosetta, line 45 of code sample
The text was updated successfully, but these errors were encountered: