To improve security of FontAwesome CDN users, add the integrity attribute to the CDN <script> tags in the Getting Started page and update it with every release.
With the move to the JavaScript framework, this is more critical than ever. It will be a further proof of the commitment of the project to integrity and user security, and it will promote the use of SRI hashes (which is also promoted by big players such as CDNJS, Bootstrap, and jQuery).
We'll be working on this as part of the effort to launch Pro CDN. Thanks for the note.
This is a really serious issue for anyone currently using the 'SVG with JS' option recommended on the FontAwesome website. I don't think this should be purely part of a 'paid for' service because security affects everyone and the impact could be huge. Please see the following as an example of what can happen when things go wrong: https://www.troyhunt.com/the-javascript-supply-chain-paradox-sri-csp-and-trust-in-third-party-libraries/
I don't think this should be purely part of a 'paid for' service
I don't think that this will be available only to pro users. I think that Rob means that this feature will be implemented at the same time as the Pro CDN.
By the way, I agree with an escalation of this issue.
Yeah sorry, I wasn't clear. We are doing the work to include SRI as part of the group of work for our PRO CDN effort. We will include SRI for all of our CDN assets that support it.
That's great news. Looking forward to when it goes live.
Thanks for the clarification and glad to hear this is being treated as a priority. Do you have an estimated release date for the update?
By the way, for those looking for a quick workaround until this is implemented: you can use https://www.srihash.org/ to generate an SRI hash. This would present issues with updates to Font Awesome though...
Upvoted previous comment, it's what I use and it works as intended.
Yep, that site is what we've been using to test and make sure our hashes are correct :)
Superb, thanks ej
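The workaround discussed in the comments above can also be done locally. The following is an added example, not code from this thread or from the Font Awesome project: it computes an SRI value, checks file bytes against a pinned integrity attribute, and shows why an update breaks the pin. The sample bytes and the cdn.example URL are constructed placeholders.

```python
import base64
import hashlib

ALGORITHMS = ("sha256", "sha384", "sha512")  # SRI algorithms, weakest first

def sri_hash(data: bytes, alg: str = "sha384") -> str:
    """Return the integrity value for data, e.g. 'sha384-<base64 digest>'."""
    if alg not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {alg}")
    digest = hashlib.new(alg, data).digest()
    return f"{alg}-{base64.b64encode(digest).decode('ascii')}"

def verify_integrity(data: bytes, integrity: str) -> bool:
    """Check data against an integrity attribute value. As in browsers, only
    hashes using the strongest listed algorithm count, and any one may match."""
    entries = []
    for token in integrity.split():
        alg, sep, value = token.partition("-")
        if sep and alg in ALGORITHMS:
            entries.append((alg, value.split("?", 1)[0]))  # drop ?options
    if not entries:
        # A browser would load the file unchecked; a pinning check should fail.
        return False
    strongest = max((alg for alg, _ in entries), key=ALGORITHMS.index)
    expected = sri_hash(data, strongest).split("-", 1)[1]
    return any(v == expected for a, v in entries if a == strongest)

def script_tag(url: str, data: bytes) -> str:
    """Build the tag to paste; crossorigin is needed for cross-origin SRI."""
    return (f'<script defer src="{url}" integrity="{sri_hash(data)}" '
            'crossorigin="anonymous"></script>')

# Constructed stand-ins for two releases of a CDN-hosted script.
RELEASE_A = b"/* constructed sample: icon library, release A */"
RELEASE_B = b"/* constructed sample: icon library, release B */"
PINNED_A = sri_hash(RELEASE_A)

if __name__ == "__main__":
    print(script_tag("https://cdn.example/release-a/all.js", RELEASE_A))
    print("release A vs pin:", verify_integrity(RELEASE_A, PINNED_A))
    # The update problem from the thread: new bytes no longer match the pin.
    print("release B vs pin:", verify_integrity(RELEASE_B, PINNED_A))
    # Listing both hashes lets either release load during a rollover.
    both = f"{PINNED_A} {sri_hash(RELEASE_B)}"
    print("release B vs both:", verify_integrity(RELEASE_B, both))
```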
Ok everyone. We've deployed SRI hashes now as part of our CDN at fontawesome.com. Give this a go and tell us what you think and if you find any problems (we've checked and double-checked everything but I bet we've missed something).
Thanks for the patience! https://fontawesome.com/get-started
Thank you so much, @robmadole!
Thank you @robmadole !
Our pleasure! 😃