Add subresource integrity for JS and CSS assets (#15096)

Fix #2744
2020-11-06 11:56:31 +01:00 · 2020-11-06 11:56:31 +01:00 · 9b1f2a4b61
commit 9b1f2a4b61
parent 68d4b2b83e
31 changed files with 79 additions and 39 deletions
--- a/app/views/layouts/application.html.haml
+++ b/app/views/layouts/application.html.haml
@ -21,10 +21,10 @@

    %title= content_for?(:page_title) ? safe_join([yield(:page_title).chomp.html_safe, title], ' - ') : title

-    = stylesheet_pack_tag 'common', media: 'all'
-    = stylesheet_pack_tag current_theme, media: 'all'
-    = javascript_pack_tag 'common', integrity: true, crossorigin: 'anonymous'
-    = javascript_pack_tag "locale_#{I18n.locale}", integrity: true, crossorigin: 'anonymous'
+    = stylesheet_pack_tag 'common', media: 'all', crossorigin: 'anonymous'
+    = stylesheet_pack_tag current_theme, media: 'all', crossorigin: 'anonymous'
+    = javascript_pack_tag 'common', crossorigin: 'anonymous'
+    = javascript_pack_tag "locale_#{I18n.locale}", crossorigin: 'anonymous'
    = csrf_meta_tags
    %meta{ name: 'style-nonce', content: request.content_security_policy_nonce }