12
Views
1
Comments
Subresource Integrity
Question

Hi everyone,

I'm building a web application and figuring out how to apply Subresouce Integrity (https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity) in OutSystems.

Any idea on how to achieve it?

Thanks and regards,

Trung

mvp_badge
MVP
Rank: #26

Hi Trung,

There might be a solution, but this would be a time-consuming one and there is no guaranteed success. I think it would be better to create this as an idea instead of a discussion in the forum.

If you want to solve it yourself, you have to open up the DOM-tree and check which resources are included. Since most of them are from OutSystems side, there is no way to know upfront the size or content, let alone the hash.

For each file, you have to create a hash. Keep in mind that OutSystems generates the code and that the format/size/content might change between each deployment.

In the Preparation of each screen, you have to replace each tag that is referencing a resource with a new tag that references the same resource, but now including the integrity hash. You can use Regex_Replace for this.

This should in the end create an OutSystems application that has the SRI in place, but as soon as the CSS or Javascript of one of the screens changes, your application stops working.

As a short summary, it is possible, but not recommended. Please create an idea and hope for a quick implementation by OutSystems.

Kind regards,

Remco Dekkinga