Using PHP generate SRI


I’ve been researching app security and i stumbled upon subresource integrity. I am aware that SRI is a solution for third party resources but can it also be useful without a third party?

either way, i found a PHP solution for generating SRI:

function checksum($input) {
    $hash = hash('sha256', $input, true);
    $hash_base64 = base64_encode($hash);
    return "sha256-$hash_base64";


how is this function supposed to be utilized?
file_get_contents or readfile as $input?


found an answer at github:

however, support for the sri Content Security Policy header is experimental. Very frustrating. I’ll just keep my Content Security Policy headers (apache, php and meta tags) intact and keep them up-to-date.