Add subresource integrity

DistributedCollective · Nov 23, 2020 · fbe0578 · fbe0578
1 parent 44f79a3
commit fbe0578
Show file tree

Hide file tree

Showing 3 changed files with 17 additions and 2 deletions.
diff --git a/config/webpack.config.js b/config/webpack.config.js
@@ -23,6 +23,7 @@ const ModuleNotFoundPlugin = require('react-dev-utils/ModuleNotFoundPlugin');
 const ForkTsCheckerWebpackPlugin = require('react-dev-utils/ForkTsCheckerWebpackPlugin');
 const typescriptFormatter = require('react-dev-utils/typescriptFormatter');
 const SentryWebpackPlugin = require('@sentry/webpack-plugin');
+const SriPlugin = require('webpack-subresource-integrity');
 
 const postcssNormalize = require('postcss-normalize');
 
@@ -195,6 +196,7 @@ module.exports = function (webpackEnv) {
       // this defaults to 'window', but by setting it to 'this' then
       // module chunks which are built will work in web workers as well.
       globalObject: 'this',
+      crossOriginLoading: 'anonymous',
     },
     optimization: {
       minimize: isEnvProduction,
@@ -666,6 +668,11 @@ module.exports = function (webpackEnv) {
           include: '.',
           ignore: ['node_modules', 'config', 'internals', 'scripts'],
         }),
+      // Sri only enabled in production as it can interfere with hot reloading
+      isEnvProduction &&
+        new SriPlugin({
+          hashFuncNames: ['sha256', 'sha384'],
+        }),
     ].filter(Boolean),
     // Some libraries import Node modules but don't use them in the browser.
     // Tell webpack to provide empty mocks for them so importing them works.

diff --git a/package.json b/package.json
@@ -252,7 +252,8 @@
     "@sentry/webpack-plugin": "1.13.0",
     "@types/mathjs": "6.0.5",
     "@types/socket.io-client": "1.4.34",
-    "node-sass": "4.14.1"
+    "node-sass": "4.14.1",
+    "webpack-subresource-integrity": "1.5.2"
   },
   "babel": {
     "presets": [

diff --git a/yarn.lock b/yarn.lock
@@ -17525,14 +17525,21 @@ [email protected]:
     object.entries "^1.1.0"
     tapable "^1.0.0"
 
-webpack-sources@^1.1.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1, webpack-sources@^1.4.3:
+webpack-sources@^1.1.0, webpack-sources@^1.3.0, webpack-sources@^1.4.0, webpack-sources@^1.4.1, webpack-sources@^1.4.3:
   version "1.4.3"
   resolved "https://registry.yarnpkg.com/webpack-sources/-/webpack-sources-1.4.3.tgz#eedd8ec0b928fbf1cbfe994e22d2d890f330a933"
   integrity sha512-lgTS3Xhv1lCOKo7SA5TjKXMjpSM4sBjNV5+q2bqesbSPs5FjGmU6jjtBSkX9b4qW87vDIsCIlUPOEhbZrMdjeQ==
   dependencies:
     source-list-map "^2.0.0"
     source-map "~0.6.1"
 
+[email protected]:
+  version "1.5.2"
+  resolved "https://registry.yarnpkg.com/webpack-subresource-integrity/-/webpack-subresource-integrity-1.5.2.tgz#e40b6578d3072e2d24104975249c52c66e9a743e"
+  integrity sha512-GBWYBoyalbo5YClwWop9qe6Zclp8CIXYGIz12OPclJhIrSplDxs1Ls1JDMH8xBPPrg1T6ISaTW9Y6zOrwEiAzw==
+  dependencies:
+    webpack-sources "^1.3.0"
+
 [email protected]:
   version "4.42.0"
   resolved "https://registry.yarnpkg.com/webpack/-/webpack-4.42.0.tgz#b901635dd6179391d90740a63c93f76f39883eb8"