Web UI subresource integrity checks

I would like to start using the web UI, but to be honest I’m concerned about the third-party resources (CSS and script) it uses. I can understand you don’t want to reinvent the wheel, but if any of those resources get compromised someone could conceivably get access to my backup process.

Would it be possible to add subresource checks (see Subresource Integrity and https://en.wikipedia.org/wiki/Subresource_Integrity/) to those resources? At least then a resource will be ignored if anything unexpected changes. Or better still, make it an option so only the truly paranoid like myself :wink: need to enable it.

1 Like

All you’re saying is to add the integrity="sha..." part of the imports, right?

Example (from your link)

<script src="https://example.com/example-framework.js"
        integrity="sha384-Li9vy3DqF8tnTXuiaAJuML3ky+er10rcgNR/VqsVpcw+ThHmYcwiB1pbOxEbzJr7"
        crossorigin="anonymous"></script>

Yes, exactly, that’s what I had in mind.