https://github.com/fpapado/csp-strict-dynamic-external-script-hash

Minimal reproduction for external script loading (via the integrity attribute) when strict-dynamic is present in the script-src directive.
https://github.com/fpapado/csp-strict-dynamic-external-script-hash

Last synced: 4 months ago
JSON representation

Minimal reproduction for external script loading (via the integrity attribute) when strict-dynamic is present in the script-src directive.

• Host: GitHub
• URL: https://github.com/fpapado/csp-strict-dynamic-external-script-hash
• Owner: fpapado
• Created: 2024-03-11T10:19:43.000Z (over 2 years ago)
• Default Branch: main
• Last Pushed: 2024-03-11T10:19:59.000Z (over 2 years ago)
• Last Synced: 2025-10-10T21:44:38.605Z (8 months ago)
• Language: HTML
• Homepage:
• Size: 10.7 KB
• Stars: 0
• Watchers: 1
• Forks: 1
• Open Issues: 0
• Metadata Files:
  • Readme: README.md

Awesome Lists containing this project

README

          
# CSP: External script hashes with `strict-dynamic` present in `script-src`

Minimal reproduction for external script loading (via the `integrity` attribute) when `strict-dynamic` is present in the `script-src` directive.

## Instructions

You will need node installed, or a way to serve `index.html` and `externalScript.js`.

If you have node:

```shell

npx serve

```

### Testing

- Open your browser to http://localhost:3000

- Expect to see no CSP error logged, either on screen or in the console