Sub-resource integrity hashes are something that make using content from public CDNs that little be more secure but the common ones don't make it easy to find out what the hash should be.
jsdelivr is used in the Bootstrap documentation but the quickstart unhelpfully doesn't include the SRI by default.
The simplest way to get the hash is to search for content you're using via the search function on the main site. You can then get an option to copy the SRI to your clipboard.
However you can also see the value in the jsdeliver API by taking the resource path and replacing the start with
https://data.jsdelivr.com/v1/package/ and removing the path. This will show the all the API information for the entire package including the hash (which is SHA 256). See the Bootstrap entry as an example.
Top comments (0)