sebdesign / laravel-sri
Subresource Integrity (SRI) package for Laravel
Installs: 39 555
Dependents: 0
Suggesters: 0
Security: 0
Stars: 23
Watchers: 4
Forks: 1
Open Issues: 0
pkg:composer/sebdesign/laravel-sri
Requires
- php: ^7.1|^8.0
- laravel/framework: ^5.5|^6.20.42|^7.0|^8.0|^9.0|^10.0
Requires (Dev)
- mockery/mockery: ^1.0
- orchestra/testbench: ^3.5|^4.0|^5.0|^6.0|^7.0|^8.0
- phpunit/phpunit: ^6.0|^7.0|^8.0|^9.3
README
Subresource Integrity (SRI) package for Laravel
Reference and generate Subresource Integrity (SRI) hashes from your Laravel Elixir asset pipeline.
Installation
You can install the package via composer:
composer require sebdesign/laravel-sri
Laravel 5.5 uses Package Auto-Discovery, so doesn't require you to manually add the service provider. If you don't use auto-discovery or you are using an older version, you must add the following:
// config/app.php 'providers' => [ Sebdesign\SRI\SubresourceIntegrityServiceProvider::class, ];
Usage
This package is aimed to reference SRI hashes for css and js files from a sri.json file in your /public folder. In order to generate this file, see the laravel-elixir-sri repository.
To reference the generated hashes from the sri.json in your views, you may use the integrity helper function with the name of the file you are using in your elixir or asset function.
As a fallback, if the given file is not found in the sri.json, it will generate the appropriate hashes on the fly for your convenience.
// Use with elixir() function <link rel="stylesheet" href="{{ elixir('css/app.css') }}" integrity="{{ integrity('css/app.css') }}" crossorigin="anonymous"> // Use with asset() function <script src="{{ asset('js/app.js') }}" integrity="{{ integrity('js/app.js') }}" crossorigin="anonymous"> </script>
If you have set the output folder for the sri.json in a different location in your Gulpfile, you can specify its path on the config/sri.php.
// config/sri.php 'path' => '/public/assets',
You can also override the config options by passing an array as a second argument on the integrity helper function:
// Use different hash algorithm <link rel="stylesheet" href="{{ elixir('css/app.css') }}" integrity="{{ integrity('css/app.css', ['algorithms' => ['sha384']]) }}" crossorigin="anonymous">
Testing
composer test
Changelog
Please see CHANGELOG for more information on what has changed recently.
Contributing
Please see CONTRIBUTING for details.
Security
If you discover any security related issues, please email info@sebdesign.eu instead of using the issue tracker.
License
The MIT License (MIT). Please see License File for more information.