Does NOPCommerce support SubResource Integrity for JS calls?

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Total de postagens: 2
Karma: 10
Ingressou: 15/11/2017
Localização: United States

Postado: 3 anos atrás

We're on NOP 4.0.

It seems NOP invokes JS files using the "AddScriptParts()" method in the LayoutExtensions.cs.

Does NOP provide anyway to use Subresource Integrity checking on JS calls?

Like in a regular <script> tag, we would include a hash of the file being called, so if the file had been compromised by an evildoer, the hash would not match and we would not execute the malicious code.

example: <script src="https://js.recurly.com/v4/recurly.js" integrity="sha384-pi/z/cuVSlNXEqVMdgxm7oha0wNkuO5dBTpsckdLtihPG56Tnf7pJgrCoPT49Fz7" crossorigin="anonymous" asp-suppress-fallback-integrity="false"></script>

Greg Fleming

Total de postagens: 2
Karma: 10
Ingressou: 15/11/2017
Localização: United States

Postado: 3 anos atrás

I also submitted this as a support ticket to the NOP team, and got this reply, in case anyone else has the same question:

"Unfortunately, we did not provide such an opportunity as we do not load libraries from external sources. It will be good if you create a task on GitHub, our development team will consider the possibility of its implementation

Thank you,
nopCommerce team"

This topic was automatically closed 365 days after the last reply. New replies are no longer allowed.

Ainda tem dúvidas ou precisa de ajuda?

. Serviços de suporte premium . Obtenha suporte dedicado da equipa nopCommerce com uma resposta garantida em 24 horas.

. Curso on-line para programadores . Obtenha as habilidades práticas e técnicas que necessita para executar e personalizar websites nopCommerce.