-
Notifications
You must be signed in to change notification settings - Fork 27.3k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Subresource Integrity (SRI) not working #66901
Comments
Adding
I wonder if this is fixed in react by now (the comment was added Aug 30, 2023 in #54752), and if not, what is missing in react, and if there is a tracking issue in the react repo. |
Now supported in Safari 18 https://webkit.org/blog/15865/webkit-features-in-safari-18-0/
|
This closed issue has been automatically locked because it had no new activity for 2 weeks. If you are running into a similar issue, please create a new issue with the steps to reproduce. Thank you. |
Link to the code that reproduces this issue
https://github.com/darthmaim-reproductions/vercel-next.js-66901
To Reproduce
npm run build && npm run start
Current vs. Expected behavior
Current
No
integrity
attribute present on any<script>
Expected
integrity
attribute added to<script>
Provide environment information
Operating System: Platform: linux Arch: x64 Version: #1 SMP Thu Jan 11 04:09:03 UTC 2024 Available memory (MB): 15953 Available CPU cores: 8 Binaries: Node: 20.7.0 npm: 10.1.0 Yarn: 1.22.19 pnpm: 6.11.0 Relevant Packages: next: 15.0.0-canary.32 // Latest available version is detected (15.0.0-canary.32). eslint-config-next: N/A react: 19.0.0-rc.0 react-dom: 19.0.0-rc.0 typescript: 5.3.3 Next.js Config: output: N/A
Which area(s) are affected? (Select all that apply)
Not sure
Which stage(s) are affected? (Select all that apply)
next start (local), Other (Deployed)
Additional context
The only change to the reproduction template was adding this config to
next.config.mjs
:There is a test (https://github.com/vercel/next.js/tree/canary/test/production/app-dir/subresource-integrity) that is supposed to test this, which has the same config as my reproduction repository, but I was not able to get SRI working.
There is a
.next/server/subresource-integrity-manifest.json
file generated which contains all the correct hashes.The text was updated successfully, but these errors were encountered: