使用Require JS的angularJS应用程序中的子资源完整性 [英] Subresource Integrity in angularJS App which uses Require JS
问题描述
我在下面的index.html文件中有一个角度应用程序
I have an angular application with below index.html file
考虑一下我的index.html页面,我具有以下SRI(子资源完整性)代码
Consider in my index.html page I have the following code for SRI (SubResource Integrity)
<html>
<head>
<meta http-equiv="Content-Security-Policy"
content="script-src 'self' scripts/alert.js 'unsafe-inline' 'unsafe-eval' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='">
<script src="scripts/alert.js"
integrity="sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng="
crossorigin="anonymous"></script>
</head>
</html>
如果我使用的是要求JS,则必须将"alert.js"的脚本包含项移到"main.js"文件中,如下所示
In case, if I am using require JS, then I have to move the script inclusion of 'alert.js' to 'main.js' file as below
require.config({
// alias libraries paths
paths: {
'jquery': '/scripts/alert'
},
// kick start application
deps: ['../app/require.bootstrap']
})
有人可以帮助我在路径中引用alert.js脚本时如何将完整性属性包括到main.js文件中.
Can someone help me how to include the integrity attribute to the main.js file while referring the alert.js script in the paths.
推荐答案
如果我正确理解了您的问题,则希望对通过require js引用的脚本使用Sub Resource Integrity.请注意,要执行此操作,您需要RequireJS 2.1.19或更高版本(请参见 http://requirejs. org/docs/download.html ).
If I understand your question correctly, you want to use Sub Resource Integrity for scripts referenced via require js. Note, that in order to do this you need RequireJS version 2.1.19 or later (see http://requirejs.org/docs/download.html).
有关工作示例(引用jQuery),请参见以下代码: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p =预览.希望您应该能够将此方法复制到您的项目中.
For a working example (referencing jQuery), see this plunker: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p=preview. Hopefully you should be able to copy this method to your project.
我的示例将完整性/跨域属性用于:
My example uses integrity/crossorigin attributes for:
- RequireJS本身(通过
index.html
文件) - jQuery(通过配置文件
main.js
和您感兴趣的东西)
- RequireJS itself (through the
index.html
file) - jQuery (via the config file
main.js
and the interesting thing for you)
这是基于RequireJS钩子onNodeCreated
和类似代码的
This is built on the RequireJS hook onNodeCreated
and code like
onNodeCreated: function(node, config, module, path) {
node.setAttribute('integrity', integrityForModule);
node.setAttribute('crossorigin', 'anonymous');
}
请注意,此示例未将SRI用于配置文件main.js
文件.为此,要么
Please note that this example does NOT use SRI for the config file main.js
file. In order to accomplish that, either
- 在
index.html
页面中包括内联RequireJS配置 - ...或通过额外的脚本标签(带有完整性/交叉)而不是通过
data-main
属性引用main.js
(配置文件)
- include the RequireJS config inline in the
index.html
page - ...or reference
main.js
(the config file) through an extra script tag (with integrity/crossover), and not via thedata-main
attribute
这篇关于使用Require JS的angularJS应用程序中的子资源完整性的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!