Add Subresource Integrity (SRI) support #6
+684
−19
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This PR adds comprehensive SRI support to protect against CDN compromises and ensure script integrity: - Added generate-sri.js script to generate SHA-384 hashes for all JS/CSS files - Generated sri-hashes.json with all current SRI hashes for version 59 - Updated GitHub Actions workflow to auto-generate SRI hashes on each version increment - Updated README with detailed SRI usage instructions and examples - Added .gitignore to exclude temporary build artifacts Security benefits: - Protects against CDN compromises and MITM attacks - Ensures exact files are delivered to users - Follows security best practices for external resources Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
This commit adds full automation for deploying scripts to Webflow, eliminating the need for manual updates to the Webflow custom code settings. Changes: - Add deploy-to-webflow.js: Node.js script to deploy scripts via Webflow API - Registers hosted scripts with SRI integrity hashes - Applies scripts to site with proper attributes - Publishes the Webflow site automatically - Update GitHub Action workflow (.github/workflows/auto-tag.yml): - Add new step to deploy to Webflow after tagging - Uses WEBFLOW_API_TOKEN and WEBFLOW_SITE_ID secrets - Fully automated deployment on push to main - Add WEBFLOW_SETUP.md: Complete setup guide for Webflow API integration - Instructions for creating API tokens with required scopes - How to configure GitHub Secrets - Script configuration guide - Troubleshooting tips - Update README.md: - Document the automated deployment workflow - Update SRI section to reflect automatic updates - Add references to setup documentation Benefits: - Eliminates manual Webflow custom code updates - Automatic SRI hash updates for improved security - Reduces deployment time from minutes to seconds - Prevents human error in version/hash mismatches Co-Authored-By: Claude Sonnet 4.5 <noreply@anthropic.com>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
This PR adds comprehensive Subresource Integrity (SRI) support to the Webflow website to protect against CDN compromises and ensure script integrity. SEC-34200
Changes:
Security Benefits:
Test plan
Next Steps After Merge:
🤖 Generated with Claude Code