Skip to main content
O
osgood_
Legend
January 15, 2017
Answered

Monstrosity links???

  • January 15, 2017
  • 2 replies
  • 1765 views

Just for laughs can anyone inform me why we are now being fed monstrosity links like below?

<script src="https://code.jquery.com/jquery-3.1.1.js" integrity="sha256-16cdPddA6VdVInumRGo6IbivbERE8p7CQR3HzTBuELA=" crossorigin="anonymous"></script>

Instead of:

<script src="https://code.jquery.com/jquery-3.1.1.js"></script>

I assume they must serve some kind of purpose.

Os

    This topic has been closed for replies.
    Correct answer Nancy OShea

    Yes. it's important.  It's called an INTEGRITY attribute and it's there in case the CDN is ever  hacked or goes malicious.

    Integrity is a flag that can be included in script-tags that specify the hash of an accepted script.   If the script on the server does not match the hash,  the end user’s web browser will reject it  This reduces potential risk for everyone.   These days, very important.

    Crossorgin is also required for Integrity checking.  It stops credentials from being sent with the request.

    Nancy

    2 replies

    pziecina
    pziecina
    Legend
    January 15, 2017

    One other thing that Nancy did not mention -

    Browsers are starting to implement 'warnings' about any scripts that are from a different server than the original, without the 'integrity/origin' attribute. This is how they are 'behind the scenes' implementing html5 ad blocking.

    Nancy OShea
    Community Expert
    Nancy OSheaCommunity ExpertCorrect answer
    Community Expert
    January 15, 2017

    Yes. it's important.  It's called an INTEGRITY attribute and it's there in case the CDN is ever  hacked or goes malicious.

    Integrity is a flag that can be included in script-tags that specify the hash of an accepted script.   If the script on the server does not match the hash,  the end user’s web browser will reject it  This reduces potential risk for everyone.   These days, very important.

    Crossorgin is also required for Integrity checking.  It stops credentials from being sent with the request.

    Nancy

    Nancy O'Shea— Product User & Community Expert
    O
    osgood_Author
    Legend
    January 15, 2017

    This still works, without all the garbage, whats the risk to me?

    <script src="https://code.jquery.com/jquery-3.1.1.js"></script>

    O
    osgood_Author
    Legend
    January 16, 2017

    I agree. We each have to focus on certain areas, forgoing others.

    That's why I quickly got out of updating website content and moved to a CMS. I really hated updating website content.


    Rob Hecker2 wrote:

    I really hated updating website content.

    Me too but that's where I make most of my money, repeat business but it's very boring. I do supply a CMS to edit certain areas but my clients hardly, if ever, take advantage of it. I think it's because the updates I do are really intensive and are bi-annual taking usually 5 or 6 days solid work each time - time my clients just do not have to spare in one session. I guess if they were adding a couple of products or a couple of news stories the situation would be different.

    Whilst in reality I would prefer someone else did the boring stuff it would mean re-focussing my target market on possibly fast turn around, cheaper and once off clients, which also has its downsides as there is not much repeat business.

    Ultimately I would'nt be doing this at all.

    Terms & ConditionsAccessibility statement
    Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices