Subresource Integrity (SRI) Hash Invalid

Severity: Low
Summary#

Invicti detected computed hash for the subresource is invalid.

Subresource Integrity (SRI) provides a mechanism to check integrity of the resource hosted by third parties like Content Delivery Networks (CDNs) and verifies that the fetched resource has been delivered without unexpected manipulation.

SRI does this using hash comparison mechanism. In this way, hash value declared in HTML elements (for now only script and link elements are supported) will be compared with the hash value of the resource hosted by third party.

Use of SRI is recommended as a best-practice, whenever libraries are loaded from a third-party source.

Remediation#

Using Subresource Integrity is simply to add integrity attribute to the script tag along with a base64 encoded cryptographic hash value.

<script src="https://code.jquery.com/jquery-2.1.4.min.js" integrity="sha384-R4/ztc4ZlRqWjqIuvf6RX5yb/v90qNGx6fS48N0tRxiGkqveZETq72KgDVJCp2TC" crossorigin="anonymous"></script>

The hash algorithm must be one of sha256, sha384 or sha512, followed by a '-' character.

Classifications#

Build your resistance to threats. And save hundreds of hours each month.

Get a demo See how it works