使用 Require JS 的 angularJS App 中的子资源完整性 [英] Subresource Integrity in angularJS App which uses Require JS

问题描述

我有一个带有以下 index.html 文件的 Angular 应用程序

I have an angular application with below index.html file

考虑在我的 index.html 页面中，我有以下 SRI(子资源完整性)代码

Consider in my index.html page I have the following code for SRI (SubResource Integrity)

<html>
<head>
<meta http-equiv="Content-Security-Policy" 
      content="script-src 'self' scripts/alert.js 'unsafe-inline' 'unsafe-eval' 'sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng='">

<script src="scripts/alert.js"
        integrity="sha256-qznLcsROx4GACP2dm0UCKCzCG+HiZ1guq6ZZDob/Tng="
        crossorigin="anonymous"></script>
</head>
</html>

如果我使用的是 require JS，那么我必须将包含alert.js"的脚本移动到main.js"文件中，如下所示

In case, if I am using require JS, then I have to move the script inclusion of 'alert.js' to 'main.js' file as below

require.config({


    // alias libraries paths
    paths: {
            'jquery': '/scripts/alert'
            },
    // kick start application
    deps: ['../app/require.bootstrap']
 })

有人可以帮助我在路径中引用 alert.js 脚本时如何将完整性属性包含到 main.js 文件中.

Can someone help me how to include the integrity attribute to the main.js file while referring the alert.js script in the paths.

推荐答案

如果我正确理解您的问题，您希望对通过 require js 引用的脚本使用子资源完整性.请注意，要执行此操作，您需要 RequireJS 2.1.19 或更高版本(请参阅 http://requirejs.js).org/docs/download.html).

If I understand your question correctly, you want to use Sub Resource Integrity for scripts referenced via require js. Note, that in order to do this you need RequireJS version 2.1.19 or later (see http://requirejs.org/docs/download.html).

有关工作示例(引用 jQuery)，请参阅此 plunker:http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p=preview.希望您能够将此方法复制到您的项目中.

For a working example (referencing jQuery), see this plunker: http://plnkr.co/edit/kzqLjUThJRtoEruCCtMt?p=preview. Hopefully you should be able to copy this method to your project.

我的示例将完整性/跨域属性用于:

My example uses integrity/crossorigin attributes for:

• RequireJS 本身(通过 index.html 文件)
• jQuery(通过配置文件 main.js 和你感兴趣的东西)

• RequireJS itself (through the index.html file)
• jQuery (via the config file main.js and the interesting thing for you)

这是建立在 RequireJS hook onNodeCreated 和类似代码

This is built on the RequireJS hook onNodeCreated and code like

onNodeCreated: function(node, config, module, path) {
    node.setAttribute('integrity', integrityForModule);
    node.setAttribute('crossorigin', 'anonymous');
}

请注意，此示例不将 SRI 用于配置文件 main.js 文件.为了实现这一点，要么

Please note that this example does NOT use SRI for the config file main.js file. In order to accomplish that, either

• 在 index.html 页面中内联包含 RequireJS 配置
• ...或通过额外的脚本标记(具有完整性/交叉)而不是通过 data-main 属性引用 main.js(配置文件)

• include the RequireJS config inline in the index.html page
• ...or reference main.js (the config file) through an extra script tag (with integrity/crossover), and not via the data-main attribute

这篇关于使用 Require JS 的 angularJS App 中的子资源完整性的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！