Generate integrity sha384 for script

[johansmitsnl]

For the CSP it would be nice if we could generate the sha calculation to create better security of the files that needs to be loaded in javascript. https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity#subresource_integrity_with_the_script_element

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[johansmitsnl]

Activity

[adryzz]

I wanna try working on this and submitting a PR as soon as i'm done with my other PR.
does this rust playground snippet work?

also, it supports sha256, sha384 and sha512 hashes, i think we should implement them all.

[adryzz]

ok so i feel like there should be both an opt-in per file and a global option (with per-file opt-out).

<link data-trunk rel="tailwind-css" href="src/tailwind.css" integrity="none"/>
<link data-trunk rel="tailwind-css" href="src/tailwind.css" integrity="sha256"/>
<link data-trunk rel="tailwind-css" href="src/tailwind.css" integrity="sha384"/>
<link data-trunk rel="tailwind-css" href="src/tailwind.css" integrity="sha512"/>

and then a --integrity option to set it globally?

i'll start working on this now as i feel like it's a nice addition, we'll see about naming changes when i'm actually done implementing it.

[johansmitsnl]

@adryzz this looks good. Will this also apply for all the js and wasm glue to?

[adryzz]

it will, but while i have basic functionality working, i need to make it all clean and working properly without any hacks before i submit the PR

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[johansmitsnl]

Not stale :)

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[ctron]

I will try get this implemented into trunk-ng, as we seem to have a need for this too.

[ctron]

For the WASM and loader script, this is part of the trung-ng branch now: https://github.com/ctron/trunk … I might release this in the next few days with trunk-ng.

[johansmitsnl]

@ctron when can we expect a release of trunk-ng?

[ctron]

I just released 0.17.12 which contains this: https://github.com/ctron/trunk/releases/tag/v0.17.12

[github-actions]

This issue is stale because it has been open 30 days with no activity. Remove stale label or comment or this will be closed in 5 days.

[ctron]

This got merged with #623 and it should be part of the next trunk release too.

[ctron]

Released with trunk 0.18.0