Does NOPCommerce support SubResource Integrity for JS calls?

8 个月 前
We're on NOP 4.0.

It seems NOP invokes JS files using the "AddScriptParts()" method in the LayoutExtensions.cs.

Does NOP provide anyway to use Subresource Integrity checking on JS calls?

Like in a regular <script> tag, we would include a hash of the file being called, so if the file had been compromised by an evildoer, the hash would not match and we would not execute the malicious code.

example: <script src="https://js.recurly.com/v4/recurly.js" integrity="sha384-pi/z/cuVSlNXEqVMdgxm7oha0wNkuO5dBTpsckdLtihPG56Tnf7pJgrCoPT49Fz7" crossorigin="anonymous" asp-suppress-fallback-integrity="false"></script>
8 个月 前
I also submitted this as a support ticket to the NOP team, and got this reply, in case anyone else has the same question:

"Unfortunately, we did not provide such an opportunity as we do not load libraries from external sources. It will be good if you create a task on GitHub, our development team will consider the possibility of its implementation

Thank you,
nopCommerce team"