Subresource Integrity (SRI)
  • 13 Sep 2024

Subresource Integrity (SRI) is a standard web security feature that enables browsers to verify that a resource loaded from a CDN is not altered when it is delivered to the browser. It works by letting you provide a cryptographic hash that a fetched resource must match.

To get the feature enabled for your account, contact support@whatfix.com.

Enterprises using the JavaScript + Cloud model of deployment can opt into the latest security update of Subresource Integrity compatibility.


How does it work?

SRI guarantees the integrity of Whatfix JavaScript by ensuring that any changes to end-user-impacting production libraries are validated by the end-user browsers.

Whatfix attaches a unique integrity attribute, created using the SHA-384 hash algorithm, to the Whatfix library file. For every change made to these libraries, a new integrity attribute value (a cryptographic hash) is automatically generated. Any change to the libraries that has an end-user impact triggers a change in the cryptographic hash.

Once a Push to production is done, the end user's browser compares the hash value of the original production libraries with the hash value of the libraries it has received. If these two values do not match, the production libraries are not executed at the end-user level.
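
The comparison described above, sketched in Node.js as an added example (not Whatfix code; the function names and the sample library bytes are constructed for illustration). It computes a SHA-384 integrity value and applies the browser's matching rules, including the case where an attribute with no recognised hash is not enforced.

```javascript
const { createHash } = require('node:crypto');

// Relative strength, used to pick the strongest algorithm in a multi-hash attribute.
const STRENGTH = { sha256: 1, sha384: 2, sha512: 3 };

// Build an integrity value of the form "sha384-<base64 digest>".
function sriValue(bytes, algorithm = 'sha384') {
  if (!Object.hasOwn(STRENGTH, algorithm)) throw new Error(`unsupported algorithm: ${algorithm}`);
  return `${algorithm}-${createHash(algorithm).update(bytes).digest('base64')}`;
}

// Split an integrity attribute into its whitespace-separated "alg-digest" tokens.
// Tokens with an unknown algorithm or a malformed digest are dropped.
function parseIntegrity(attribute) {
  const entries = [];
  for (const token of attribute.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+\/]+={0,2})(\?.*)?$/.exec(token);
    if (m) entries.push({ algorithm: m[1], value: `${m[1]}-${m[2]}` });
  }
  return entries;
}

// Mirror the browser's decision: only the strongest algorithm present is checked,
// and an attribute with no usable entry counts as "no metadata" (not enforced).
function matchesIntegrity(bytes, attribute) {
  const entries = parseIntegrity(attribute);
  if (entries.length === 0) return true;
  const strongest = Math.max(...entries.map((e) => STRENGTH[e.algorithm]));
  return entries
    .filter((e) => STRENGTH[e.algorithm] === strongest)
    .some((e) => sriValue(bytes, e.algorithm) === e.value);
}

// Constructed sample: a library file as published, and the same file after alteration.
const ORIGINAL = Buffer.from('window.exampleLib = { version: 1 };\n');
const TAMPERED = Buffer.from('window.exampleLib = { version: 1 }; /* altered */\n');
const PINNED = sriValue(ORIGINAL); // value that would go in the integrity attribute

console.log(PINNED);
console.log('original accepted:', matchesIntegrity(ORIGINAL, PINNED));
console.log('altered accepted:', matchesIntegrity(TAMPERED, PINNED));
```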

With this update, you can trust the integrity of the Whatfix libraries delivered from your CDN and protect end users from unintentional modifications to library files.

Whatfix administrators can choose to accept or reject Whatfix library updates when pushing changes to production. Administrators can decide not to accept library updates and continue pushing new Whatfix content created on the dashboard to end users.


Update the application script

Every time a complete push to production is performed, the application script is changed on the Whatfix dashboard. Thus, after each complete push to production, the application script should be updated.

A complete Push to production (P2P) happens when both content and configuration changes are published using the Whatfix dashboard. Content-only updates do not constitute a complete P2P.

The following are some examples of when a complete P2P happens:

  • Changes in the Advanced Customization (AC) code (can be optionally excluded from SRI)
  • Release from Whatfix
  • Enabling or disabling features that are available for limited customers (Beta features)

For more information, see Use JavaScript code to show Whatfix content.

Note

Publishing only content changes does not update the application script.

