Subresource Integrity (SRI) package for Laravel
Reference and generate Subresource Integrity (SRI) hashes from your Laravel Elixir asset pipeline.
You can install the package via composer:
composer require sebdesign/laravel-sri
Laravel 5.5 uses Package Auto-Discovery, so doesn't require you to manually add the service provider. If you don't use auto-discovery or you are using an older version, you must add the following:
// config/app.php
'providers' => [
Sebdesign\SRI\SubresourceIntegrityServiceProvider::class,
];
This package is aimed to reference SRI hashes for css
and js
files from a sri.json
file in your /public
folder. In order to generate this file, see the laravel-elixir-sri repository.
To reference the generated hashes from the sri.json
in your views, you may use the integrity
helper function with the name of the file you are using in your elixir
or asset
function.
As a fallback, if the given file is not found in the sri.json
, it will generate the appropriate hashes on the fly for your convenience.
// Use with elixir() function
<link
rel="stylesheet"
href="{{ elixir('css/app.css') }}"
integrity="{{ integrity('css/app.css') }}"
crossorigin="anonymous">
// Use with asset() function
<script
src="{{ asset('js/app.js') }}"
integrity="{{ integrity('js/app.js') }}"
crossorigin="anonymous">
</script>
If you have set the output folder for the sri.json
in a different location in your Gulpfile, you can specify its path
on the config/sri.php
.
// config/sri.php
'path' => '/public/assets',
You can also override the config options by passing an array as a second argument on the integrity
helper function:
// Use different hash algorithm
<link
rel="stylesheet"
href="{{ elixir('css/app.css') }}"
integrity="{{ integrity('css/app.css', ['algorithms' => ['sha384']]) }}"
crossorigin="anonymous">
composer test
Please see CHANGELOG for more information on what has changed recently.
Please see CONTRIBUTING for details.
If you discover any security related issues, please email [email protected] instead of using the issue tracker.
The MIT License (MIT). Please see License File for more information.