Sub-resource integrity hashes are something that make using content from public CDNs that little be more secure but the common ones don't make it easy to find out what the hash should be.
jsdelivr is used in the Bootstrap documentation but the quickstart unhelpfully doesn't include the SRI by default.
The simplest way to get the hash is to search for the package you're using via the search function on the main site. You can then get an option to copy the SRI to your clipboard as one of the options from the Install box.
However you can also see the value in the jsdeliver API by taking the resource path and replacing the start with https://data.jsdelivr.com/v1/package/
and removing the path element relating to the distributed file. This will show the all the API information for the entire package including the hash (which is SHA 256). See the Bootstrap entry as an example.
Top comments (0)