This content is not available in your language yet.
SRI is enabled by default for statically generated sites. This means that if it
encounters JavaScript scripts or CSS stylesheets then it will automatically
calculate their respective SRI hashes and set them into the integrity
attribute of <script>, <style> and <link> tags.
Here you can see some examples of how code is transformed by Astro-Shield.
Notice how it also adds the crossorigin attribute to mitigate the risk of leaking credentials to third-party servers.
Generating SRI hashes module for external scripts
In some cases, you may need some external scripts to access the generated SRI
hashes (e.g. to configure the headers of a CDN). You can do this by setting the
sri.hashesModule property with the path of the module that will export the
generated hashes.
Example:
Once you run astro build, the generated module will look like this:
Disabling SRI for Statically Generated Sites
If you want to disable SRI for statically generated sites, you can do so by
setting the sri.enableStatic option to false in your Astro config file.