From d17e02eaf84d3a0806821dbaa7a547428be8bae6 Mon Sep 17 00:00:00 2001 From: Vincenzo Chianese Date: Tue, 6 Dec 2016 13:20:09 +0100 Subject: [PATCH] Add Subresource Integrity support (#1176) * Add Subresource Integrity support * Pin dependency --- packages/react-scripts/config/webpack.config.prod.js | 5 +++++ packages/react-scripts/package.json | 1 + 2 files changed, 6 insertions(+) diff --git a/packages/react-scripts/config/webpack.config.prod.js b/packages/react-scripts/config/webpack.config.prod.js index bae24d1a46..df970584a9 100644 --- a/packages/react-scripts/config/webpack.config.prod.js +++ b/packages/react-scripts/config/webpack.config.prod.js @@ -15,6 +15,7 @@ var HtmlWebpackPlugin = require('html-webpack-plugin'); var ExtractTextPlugin = require('extract-text-webpack-plugin'); var ManifestPlugin = require('webpack-manifest-plugin'); var InterpolateHtmlPlugin = require('react-dev-utils/InterpolateHtmlPlugin'); +var SubresourceIntegrityPlugin = require('webpack-subresource-integrity'); var url = require('url'); var paths = require('./paths'); var getClientEnvironment = require('./env'); @@ -259,6 +260,10 @@ module.exports = { // having to parse `index.html`. new ManifestPlugin({ fileName: 'asset-manifest.json' + }), + // Generate and inject subresources hashes in the final `index.html`. + new SubresourceIntegrityPlugin({ + hashFuncNames: ['sha256', 'sha384'] }) ], // Some libraries import Node modules but don't use them in the browser. diff --git a/packages/react-scripts/package.json b/packages/react-scripts/package.json index a379cab425..9a13efce14 100644 --- a/packages/react-scripts/package.json +++ b/packages/react-scripts/package.json @@ -64,6 +64,7 @@ "webpack": "1.13.2", "webpack-dev-server": "1.16.2", "webpack-manifest-plugin": "1.1.0", + "webpack-subresource-integrity": "0.7.0", "whatwg-fetch": "1.0.0" }, "devDependencies": {