使用Require JS的angularJS应用程序中的子资源完整性 [英] Subresource Integrity in angularJS App which uses Require JS

问题描述

我在下面的index.html文件中有一个角度应用程序

I have an angular application with below index.html file

考虑一下我的index.html页面，我具有以下SRI(子资源完整性)代码

Consider in my index.html page I have the following code for SRI (SubResource Integrity)

<html>
<head>
<meta http-equiv="Content-Security-Policy" 
      content="script-src 'self' scripts/alert.js 'unsafe-inline' 'unsafe-eval' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='">

<script src="scripts/alert.js"
        integrity="sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng="
        crossorigin="anonymous"></script>
</head>
</html>

如果我使用的是要求JS，则必须将"alert.js"的脚本包含项移到"main.js"文件中，如下所示

In case, if I am using require JS, then I have to move the script inclusion of 'alert.js' to 'main.js' file as below

require.config({


    // alias libraries paths
    paths: {
            'jquery': '/scripts/alert'
            },
    // kick start application
    deps: ['../app/require.bootstrap']
 })

有人可以帮助我在路径中引用alert.js脚本时如何将完整性属性包括到main.js文件中.

Can someone help me how to include the integrity attribute to the main.js file while referring the alert.js script in the paths.

推荐答案

如果我正确理解了您的问题，则希望对通过require js引用的脚本使用Sub Resource Integrity.请注意，要执行此操作，您需要RequireJS 2.1.19或更高版本(请参见 http://requirejs. org/docs/download.html ).

If I understand your question correctly, you want to use Sub Resource Integrity for scripts referenced via require js. Note, that in order to do this you need RequireJS version 2.1.19 or later (see http://requirejs.org/docs/download.html).

有关工作示例(引用jQuery)，请参见以下代码: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p =预览.希望您应该能够将此方法复制到您的项目中.

For a working example (referencing jQuery), see this plunker: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p=preview. Hopefully you should be able to copy this method to your project.

我的示例将完整性/跨域属性用于:

My example uses integrity/crossorigin attributes for:

• RequireJS本身(通过index.html文件)
• jQuery(通过配置文件main.js和您感兴趣的东西)

• RequireJS itself (through the index.html file)
• jQuery (via the config file main.js and the interesting thing for you)

这是基于RequireJS钩子onNodeCreated和类似代码的

This is built on the RequireJS hook onNodeCreated and code like

onNodeCreated: function(node, config, module, path) {
    node.setAttribute('integrity', integrityForModule);
    node.setAttribute('crossorigin', 'anonymous');
}

请注意，此示例未将SRI用于配置文件main.js文件.为此，要么

Please note that this example does NOT use SRI for the config file main.js file. In order to accomplish that, either

• 在index.html页面中包括内联RequireJS配置
• ...或通过额外的脚本标签(带有完整性/交叉)而不是通过data-main属性引用main.js(配置文件)

• include the RequireJS config inline in the index.html page
• ...or reference main.js (the config file) through an extra script tag (with integrity/crossover), and not via the data-main attribute

这篇关于使用Require JS的angularJS应用程序中的子资源完整性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！