resilient.is/docs

Plugin: integrity-check

This plugin implements Subresource Integrity (SRI) checking using the SubtleCrypto API.

It can be used in conjunction with plugins that set SRI data on requests (like basic-integrity) to verify integrity of data retrieved via transport plugins that cannot be expected to verify integrity automatically.

Configuration

The integrity-check plugin supports the following configuration options:

Operation

The checks are performed based on the integrity field of the Request object, against the data returned from the configured wrapped plugin.

If the requireIntegrity configuration flag is set to true, requests with no integrity field will not be allowed to proceed; an error is returned instead.
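The check described above, as an added example that is not LibResilient's own code: it parses an SRI integrity string, hashes the retrieved bytes with SubtleCrypto, and applies the requireIntegrity rule. The function names (parseIntegrity, digestBase64, verifyIntegrity), the result object, and the choice to follow the SRI specification's "check only the strongest listed algorithm" rule are assumptions made for illustration.

```javascript
// Added example: SRI verification with SubtleCrypto (not LibResilient's own code).
// WebCrypto is global in browsers and service workers; the fallback covers older Node.
const subtle = globalThis.crypto?.subtle ??
  (typeof require === 'function' ? require('node:crypto').webcrypto.subtle : undefined);

// SRI hash algorithms, ordered weakest to strongest.
const ALGOS = { sha256: 'SHA-256', sha384: 'SHA-384', sha512: 'SHA-512' };
const ORDER = Object.keys(ALGOS);

// Parse "sha256-<b64> sha384-<b64>?opt" into [{ algo, digest }].
// Unknown algorithms and malformed tokens are dropped.
function parseIntegrity(integrity) {
  return (integrity || '').trim().split(/\s+/)
    .map((token) => {
      const dash = token.indexOf('-');
      if (dash < 1) return null;
      return {
        algo: token.slice(0, dash).toLowerCase(),
        digest: token.slice(dash + 1).split('?')[0], // strip SRI option suffix
      };
    })
    .filter((e) => e && ORDER.includes(e.algo) && e.digest.length > 0);
}

// Hash the bytes (ArrayBuffer or typed array) and return the digest as base64.
async function digestBase64(algo, bytes) {
  const hash = new Uint8Array(await subtle.digest(ALGOS[algo], bytes));
  return btoa(String.fromCharCode(...hash));
}

// Verify bytes returned by a wrapped transport against the request's integrity string.
// Assumption: only the strongest algorithm present is checked, as in the SRI spec,
// so a correct sha256 entry cannot paper over a failing sha512 entry.
async function verifyIntegrity(integrity, bytes, requireIntegrity = false) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) {
    return requireIntegrity
      ? { ok: false, reason: 'integrity data required but not provided' }
      : { ok: true, reason: 'no integrity data, nothing to check' };
  }
  const strongest = ORDER[Math.max(...entries.map((e) => ORDER.indexOf(e.algo)))];
  const actual = await digestBase64(strongest, bytes);
  const ok = entries.some((e) => e.algo === strongest && e.digest === actual);
  return { ok, reason: `${strongest} digest ${ok ? 'matches' : 'mismatch'}` };
}
```

In a service worker the bytes would come from `await response.clone().arrayBuffer()`, so the original response can still be handed on once the check passes.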

Performance and usability considerations

Calculating integrity hashes is CPU-intensive. On most devices it will be almost unnoticeable to the user for small files (CSS, HTML, JS, images), but enforcing integrity checks on large content (videos, etc.) might lead to a considerable spike in resource use.