Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Add subresource integrity #2030

Merged
merged 3 commits into from
Nov 5, 2024
Merged

Add subresource integrity #2030

merged 3 commits into from
Nov 5, 2024

Conversation

asiia-trilitech
Copy link
Contributor

@asiia-trilitech asiia-trilitech commented Oct 24, 2024
edited
Loading

Proposed changes

Security review issue link

Use SRI in the production environment when loading third-party or CDN-hosted assets, to ensure the browser rejects any assets whose content does not match the expected hash.

Types of changes

  • Bugfix
  • New feature
  • Refactor
  • Breaking change
  • UI fix

Steps to reproduce

Screenshots

Web

Screenshot 2024-10-31 at 15 55 53

Embed

Screenshot 2024-10-31 at 16 05 46 Screenshot 2024-10-31 at 16 05 09

Checklist

  • Tests that prove my fix is effective or that my feature works have been added
  • Documentation has been added (if appropriate)
  • Screenshots are added (if any UI changes have been made)
  • All TODOs have a corresponding task created (and the link is attached to it)

@vercel Vercel
Copy link

vercel bot commented Oct 24, 2024
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
test-umami-embed-tb-deleted ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 5:38pm
umami-embed-iframe ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 5:38pm
umami-embed-iframe-ghostnet ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 5:38pm
umami-embed-iframe-mainnet ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 5:38pm
umami-v2-web ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 5:38pm
umami-v2-web-storybook ✅ Ready (Inspect) Visit Preview 💬 Add feedback Nov 5, 2024 5:38pm

@asiia-trilitech asiia-trilitech force-pushed the add-subresource-integrity-to-web branch from 78d508a to f9033b9 Compare October 24, 2024 14:55
@asiia-trilitech asiia-trilitech changed the title Add subresource integrity to web Add subresource integrity Oct 29, 2024
@asiia-trilitech asiia-trilitech force-pushed the add-subresource-integrity-to-web branch from f9033b9 to af1de24 Compare October 31, 2024 15:01
@asiia-trilitech asiia-trilitech marked this pull request as ready for review October 31, 2024 16:06
OKendigelyan
OKendigelyan approved these changes Nov 5, 2024
View reviewed changes
Copy link
Contributor

@OKendigelyan OKendigelyan left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM!

@asiia-trilitech asiia-trilitech force-pushed the add-subresource-integrity-to-web branch from eebe398 to 9968222 Compare November 5, 2024 17:33
@vercel vercel bot temporarily deployed to Preview – umami-v2-web November 5, 2024 17:35 Inactive
@asiia-trilitech asiia-trilitech merged commit 4e0fdc1 into main Nov 5, 2024
10 checks passed
@asiia-trilitech asiia-trilitech deleted the add-subresource-integrity-to-web branch November 5, 2024 17:48
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@OKendigelyan OKendigelyan OKendigelyan approved these changes

@serjonya-trili serjonya-trili Awaiting requested review from serjonya-trili

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@asiia-trilitech @OKendigelyan