integrity-check
This plugin implements Subresource Integrity (SRI) checking using the SubtleCrypto API.
It can be used in conjunction with plugins that set SRI data on requests (like basic-integrity) to verify integrity of data retrieved via transport plugins that cannot be expected to verify integrity automatically.
The integrity-check plugin supports the following configuration options:
uses (required)
An Array containing exactly one object: config of the wrapped plugin that will actually handle the request.
For any request, once a Response is returned from that wrapped plugin, the integrity-check plugin will calculate the hash of the content and compare it to integrity data available in the Request.
requireIntegrity (default: false)
A flag signalling whether every requested URL has to have integrity data available.
If there is no integrity data available for a URL, and requireIntegrity is set to true, the request will not be allowed to proceed.
The checks are performed based on the integrity field of the Request object, against the data returned from the configured wrapped plugin.
If the requireIntegrity configuration flag is set to true, requests with no integrity field will not be allowed to proceed; an error is returned instead.
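The check described above can be sketched as follows. This is an added example, not the plugin's own code: the function names are hypothetical, and two behaviours are assumptions borrowed from browser SRI (only the strongest algorithm present is evaluated, and an integrity string with no recognised entries counts as no integrity data).

```javascript
// Added example; every function name below is hypothetical, not the plugin's.
// Browsers and service workers expose crypto.subtle; the fallback covers older Node.
const subtle = globalThis.crypto?.subtle ??
  (typeof require === 'function' ? require('node:crypto').webcrypto.subtle : undefined);

// SRI prefix -> SubtleCrypto algorithm name, listed strongest first.
const ALGOS = [['sha512', 'SHA-512'], ['sha384', 'SHA-384'], ['sha256', 'SHA-256']];

// Hash raw bytes and return the base64 digest used in integrity metadata.
async function sriDigest(algoName, bytes) {
  const hash = new Uint8Array(await subtle.digest(algoName, bytes));
  return btoa(String.fromCharCode(...hash));
}

// Parse "sha256-<b64> sha512-<b64>?opts" into [{prefix, digest}].
// Entries with an unknown algorithm or a malformed digest are dropped.
function parseIntegrity(integrity) {
  return (integrity || '').split(/\s+/)
    .map(item => /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(\?.*)?$/.exec(item))
    .filter(Boolean)
    .map(([, prefix, digest]) => ({ prefix, digest }));
}

// Returns the response if it passes the check, throws otherwise.
async function verifyResponse(request, response, { requireIntegrity = false } = {}) {
  const entries = parseIntegrity(request.integrity);
  if (entries.length === 0) {
    if (requireIntegrity) throw new Error(`no integrity data for ${request.url}`);
    return response; // nothing to check, and checking is optional
  }
  // Assumption (browser SRI behaviour): only the strongest algorithm is evaluated.
  const [prefix, algoName] = ALGOS.find(([p]) => entries.some(e => e.prefix === p));
  // clone() keeps the original body readable for whoever receives the response.
  const actual = await sriDigest(algoName, await response.clone().arrayBuffer());
  if (!entries.some(e => e.prefix === prefix && e.digest === actual)) {
    throw new Error(`integrity mismatch for ${request.url}`);
  }
  return response;
}
```

The digest is computed over the whole body via `arrayBuffer()`, so the entire response has to be held in memory before it can be accepted or rejected.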
Calculating integrity hashes is CPU-intensive, and while on most devices for small files (CSS, HTML, JS, images) it will be almost unnoticeable to the user, enforcing integrity checks on large content (videos, etc.) might lead to a considerable spike in resource use.