I have staged a Django blog application on Heroku, and everything now works as it should, but I have a small problem related to Missing Subresource Integrity Protection.
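I'm fairly new to using Heroku add-ons, but I have set up tinfoil security, and after the initial scan I got 3 vulnerabilities. The scan results show that I have Missing Subresource Integrity Protection, and they suggested the following to me: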
> All externally loaded resources must have their content pinned using
> the subresource integrity mechanisms provided by modern browsers. This
> involves computing a hash of the contents of the resource, and
> specifying this hash when loading that resource. In the case of a
> script, this might look like the following:
>
>     <script src="https://example.com/include.js"
>             integrity="sha256-Rj/9XDU7F6pNSX8yBddiCIIS+XKDTtdq0//No0MH0AE="
>             crossorigin="anonymous"></script>
>
> SRI Hash is an option for computing the necessary hashes.

Can someone explain what all this means, so that I can learn something from it, and what I should do in the future to avoid this?
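
I suppose I could add it to Django? – PetarP

[There is currently no built-in support for this in Django](https://github.com/cyberdelia/django-pipeline/issues/501). You need to compute it and add it yourself. –

Could you tell me how to compute this value for my application? Even just a hint would be greatly appreciated. – PetarP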
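
The computation asked about in the comments, as an added Python example that is not from any of the posts above: the integrity value is the algorithm name, a hyphen, and the base64 encoding of the raw digest of the exact bytes the external URL serves. The function names and `SAMPLE_JS` are constructed for this example, and the `sha384` default is this example's choice (the scanner's sample uses `sha256`).

```python
import base64
import hashlib
from html import escape

# Digest algorithms accepted in an integrity attribute, weakest to strongest.
SRI_ALGORITHMS = ("sha256", "sha384", "sha512")


def sri_hash(content: bytes, algorithm: str = "sha384") -> str:
    """Return '<algorithm>-<base64 of the raw digest>' for content."""
    if algorithm not in SRI_ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"


def script_tag(src: str, content: bytes, algorithm: str = "sha384") -> str:
    """Build a <script> tag pinned to the exact bytes in content."""
    return (
        f'<script src="{escape(src, quote=True)}" '
        f'integrity="{sri_hash(content, algorithm)}" '
        'crossorigin="anonymous"></script>'
    )


def matches(content: bytes, integrity: str) -> bool:
    """Check content against an integrity attribute value.

    Uses the browser rule that only hashes of the strongest listed
    algorithm count. Unlike a browser, an attribute with no usable
    hash is treated as a failure, which suits a deployment check.
    """
    parsed = []
    for token in integrity.split():
        algorithm, _, rest = token.partition("-")
        if algorithm in SRI_ALGORITHMS and rest:
            parsed.append((algorithm, token.split("?", 1)[0]))  # drop options
    if not parsed:
        return False
    strongest = max(parsed, key=lambda p: SRI_ALGORITHMS.index(p[0]))[0]
    return any(sri_hash(content, alg) == value
               for alg, value in parsed if alg == strongest)


# Constructed sample standing in for the bytes served at the external URL.
SAMPLE_JS = b"console.log('hello');\n"

if __name__ == "__main__":
    print(script_tag("https://example.com/include.js", SAMPLE_JS))
```

Hash the exact file version the page references; if the third party changes the file, the browser refuses to run it until the attribute is updated.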