Subresource Integrity (SRI)
- Updated On 13 Sep 2024
Subresource Integrity (SRI) is a standard web security feature that enables browsers to verify that a resource loaded from a CDN is not altered when it is delivered to the browser. It works by letting you provide a cryptographic hash that a fetched resource must match.
To get the feature enabled for your account, contact support@whatfix.com.
Enterprises using the JavaScript + Cloud model of deployment can opt into the latest security update of Subresource Integrity compatibility.
How does it work?
SRI guarantees the integrity of the Whatfix JavaScript by ensuring that any changes to end-user-impacting production libraries are validated by end users' browsers.
Whatfix attaches an integrity attribute to the Whatfix library file, containing a SHA-384 hash of that file. For every change made to these libraries, a new integrity value (cryptographic hash) is generated automatically, so any change to a library that has an end-user impact changes the hash.
Once a push to production is done, the hash value of the original production libraries is compared with the hash value of the libraries that end users' browsers have received. If the two values do not match, the production libraries are not executed in the end user's browser.
With this update, you can trust the integrity of the Whatfix libraries delivered from your CDN and protect end users from unintentional modifications to library files.
Whatfix administrators can choose to accept or reject Whatfix library updates when pushing changes to production. Administrators can decide not to accept library updates and continue pushing new Whatfix content created on the dashboard to end users.
Update the application script
Every time a complete push to production is performed, the application script is changed on the Whatfix dashboard. Thus, after each complete push to production, the application script should be updated.
A complete Push to production (P2P) happens when content as well as configuration changes are published using the Whatfix dashboard. Content-only updates do not constitute a complete P2P.
Following are some examples of when a complete P2P happens:
- Changes in the Advanced Customization (AC) code (can be optionally excluded from SRI)
- Release from Whatfix
- Enabling or disabling features that are available for limited customers (Beta features)
For more information, see Use JavaScript code to show Whatfix content.
Publishing only content changes does not update the application script.