Hey everyone,
For security reasons, we’d like to enforce stricter CSP policies in our Strapi setup. Specifically, we want to enable Subresource Integrity (SRI) for all scripts generated in the Strapi build.
We would like to avoid relying solely on a simple `script-src: 'self'` directive.
Our goal is that, inside the HTML documents of the admin panel created by Strapi, the `<script>` tags that load the build files include an `integrity` attribute with the hash of each file. This would help prevent unauthorized modifications by external actors.
Does Strapi v4 or v5 provide a way to automatically generate and apply these integrity hashes to the admin panel HTML documents? If not, what would be the best approach to implement this?
Any insights or suggestions are appreciated!
Thanks in advance!
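
One way to get the result described above is a generic post-build step that hashes each built file and writes the `integrity` attribute into the generated HTML. This is an added example, not part of the original post and not a Strapi API; the script name `add-sri.js`, the build directory and the URL prefix are assumptions you would replace with your own values.

```javascript
// Added example (not Strapi code): pin each built script with an SRI hash.
const crypto = require('node:crypto');
const fs = require('node:fs');
const path = require('node:path');

// SRI value for a file's bytes: "<algo>-<base64 digest>".
function sriHash(bytes, algo = 'sha384') {
  return `${algo}-${crypto.createHash(algo).update(bytes).digest('base64')}`;
}

// Add integrity="..." to every <script src> tag in `html`.
// readAsset(src) returns the bytes served for `src`, or null if unknown.
function addIntegrity(html, readAsset) {
  return html.replace(/<script\b([^>]*)>/gi, (tag, attrs) => {
    const src = /(?:^|\s)src\s*=\s*["']([^"']+)["']/i.exec(attrs);
    if (!src) return tag; // inline script: SRI does not apply
    if (/(?:^|\s)integrity\s*=/i.test(attrs)) return tag; // already pinned
    const bytes = readAsset(src[1]);
    // Fail closed: a script we cannot hash must not ship unpinned.
    if (bytes === null) throw new Error(`no build file for ${src[1]}`);
    return `<script${attrs} integrity="${sriHash(bytes)}">`;
  });
}

// Reader that maps URLs under `urlPrefix` (ending in "/") to files in `buildDir`.
function fileReader(buildDir, urlPrefix) {
  const root = path.resolve(buildDir) + path.sep;
  return (src) => {
    if (!src.startsWith(urlPrefix)) return null;
    const rel = src.slice(urlPrefix.length).split(/[?#]/)[0];
    const file = path.resolve(root, rel);
    if (!file.startsWith(root)) return null; // refuse paths outside the build
    return fs.existsSync(file) ? fs.readFileSync(file) : null;
  };
}

// CLI (hypothetical name): node add-sri.js <index.html> <buildDir> <urlPrefix>
if (process.argv.length === 5) {
  const [htmlFile, buildDir, urlPrefix] = process.argv.slice(2);
  const html = fs.readFileSync(htmlFile, 'utf8');
  fs.writeFileSync(htmlFile, addIntegrity(html, fileReader(buildDir, urlPrefix)));
}
```

The attribute only covers scripts referenced by a tag in the HTML; chunks that the bundle loads later through dynamic imports are not checked this way, and the HTML document itself still has to be served from a trusted source.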