From 317cb2ae094ec0edcfc38a1af9bd51880389ca65 Mon Sep 17 00:00:00 2001
From: XhmikosR
Date: Thu, 14 Sep 2023 17:02:13 +0300
Subject: [PATCH] download: Reword CDN paragraph (#39179)

---
 .cspell.json | 1 +
 site/content/docs/5.3/getting-started/download.md | 14 ++++++++++++--
 2 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/.cspell.json b/.cspell.json
index e477ef83d393..484af2af58d7 100644
--- a/.cspell.json
+++ b/.cspell.json
@@ -40,6 +40,7 @@
 "dropright",
 "dropstart",
 "dropup",
+ "dgst",
 "errorf",
 "favicon",
 "favicons",
diff --git a/site/content/docs/5.3/getting-started/download.md b/site/content/docs/5.3/getting-started/download.md
index 9c20c6bb2296..f813e48de5b5 100644
--- a/site/content/docs/5.3/getting-started/download.md
+++ b/site/content/docs/5.3/getting-started/download.md
@@ -54,9 +54,19 @@ If you're using our compiled JavaScript and prefer to include Popper separately,
 
 We recommend [jsDelivr](https://www.jsdelivr.com/) and use it ourselves in our documentation. However, in some cases—like in some specific countries or environments—you may need to use other CDN providers like [cdnjs](https://cdnjs.com/) or [unpkg](https://unpkg.com/).
 
-You'll find the same files on these CDN providers, albeit with different URLs. When changing the URLs, you'll also need to update the `integrity` attribute. Tools like [SRI Hash Generator](https://www.srihash.org/) can help you generate the correct values.
+You'll find the same files on these CDN providers, albeit with different URLs. With cdnjs, you can [use this direct Bootstrap package link](https://cdnjs.com/libraries/bootstrap) to copy and paste ready-to-use HTML snippets for each dist file from any version of Bootstrap.
 
-With cdnjs, you can [use this direct Bootstrap package link](https://cdnjs.com/libraries/bootstrap) to copy and paste ready-to-use HTML snippets for each dist file from any version of Bootstrap.
+{{< callout warning>}}
+**If the SRI hashes differ for a given file, you shouldn't use the files from that CDN, because it means that the file was modified by someone else.**
+{{< /callout >}}
+
+Note that you should compare same length hashes, e.g. `sha384` with `sha384`, otherwise it's expected for them to be different.
+As such, you can use an online tool like [SRI Hash Generator](https://www.srihash.org/) to make sure that the hashes are the same for a given file.
+Alternatively, assuming you have OpenSSL installed, you can achieve the same from the CLI, for example:
+
+```sh
+openssl dgst -sha384 -binary bootstrap.min.js | openssl base64 -A
+```
 
 ## Package managers
 