mirror of
https://github.com/selfxyz/self.git
synced 2026-04-27 03:01:15 -04:00
9b8e081435
* Add remote webview integrity checks * fixes * feedback * update tests; fix pipelines * fix ci * feat(webview): add subresource integrity (SRI) to build output The SHA-256 remote integrity check only covers the entry HTML document. Sub-resources (JS, CSS) loaded by that HTML were fetched without integrity verification, allowing a compromised CDN to swap bundles. Add a custom Vite plugin that injects SRI sha384 hashes into all script and link tags in the built index.html. The browser natively enforces these hashes, blocking any tampered sub-resources. Includes tests verifying integrity attributes are present and that hashes match the actual file contents on disk. --------- Co-authored-by: Tranquil-Flow <tranquil_flow@protonmail.com>