Is your feature request related to a problem? Please describe.
The HTML file created by build-docs includes the redoc.standalone.js as an inline script. For security reasons, Subresource Integrity should be defined for the file to ensure that it has not been tampered with.
Describe the solution you'd like
The generator should do that automatically or the hash should be provided for each new version to ensure that generated output has a valid integrity hash as well as crossorigin="anonymous" tag set.
Describe alternatives you've considered
For now I've manually generated the SRI hash with the tool linked below and integrated this into my generated output. However on next rebuild, this will be overridden and is at risk of being lost, opening up the security risk again.
Additional context
Is your feature request related to a problem? Please describe.
The HTML file created by
build-docsincludes the redoc.standalone.js as an inline script. For security reasons, Subresource Integrity should be defined for the file to ensure that it has not been tampered with.Describe the solution you'd like
The generator should do that automatically or the hash should be provided for each new version to ensure that generated output has a valid
integrityhash as well ascrossorigin="anonymous"tag set.Describe alternatives you've considered
For now I've manually generated the SRI hash with the tool linked below and integrated this into my generated output. However on next rebuild, this will be overridden and is at risk of being lost, opening up the security risk again.
Additional context