Ethers.js: Using subresource integrity
Just wondering whether subresource integrity could be helpful when loading ethers-5.0.umd.min.js from the CDN rather than copying the file or loading it without subresource integrity.
I feel there are some benefits this would have, although I guess it is less decentralised than each site depending on ethers having its own copy.
I raise this as an issue because it would mean that the CDN copy would need to remain unchanged (unless it already always remains unchanged) and so it might be worth having finer granularity of versions served by the CDN.
Additionally, the CDN would need to serve the file with Access-Control-Allow-Origin: * as mentioned under "Cross-Origin Resource Sharing and Subresource Integrity" here. It currently does not do this.
Also just want to say: this is an awesome project, thanks contributors and @ricmoo especially for your efforts!
Coda-Coda
All 6 comments
I love this idea! I didn't even know about this. And it looks widely supported.
The ethers-5.0.min.umd.js file changes on every release, but the ethers-5.0.3.min.umd.js for example, will never change, so this is possible for the exact version. And I can have the latest version update the Flatworm documentation source and the README.md source easy enough, with the included hash in the example
Related issues
zemse
路
3Comments
ricmoo
路
3Comments
jochenonline
路
3Comments
dave-dm
路
3Comments
jochenonline
路
3Comments