By default, Astro-Shield does not enable SRI for SSR (Server-Side-Rendered)
content, but you can easily enable it by setting the sri.enableMiddleware
option to true in your Astro config file.
Reinforcing security for dynamic content
Allow Lists
Astro-Shield will block any cross-origin resource that it isn’t explicitly
allowed. This is because doing otherwise could open the door to a variety of
security vulnerabilities caused by loading untrusted content and marking it as
safe.
We can define a list of allowed resource URLs like in the example below:
Blocking Inline Resources
Although Astro-Shield does not block inline resources by default, it might be
a good idea to block them in certain cases to prevent
XSS attacks.
You can do this by setting the options sri.allowInlineScripts and
sri.allowInlineStyles to false or 'static' (this one allows inline
resources only in static content).