Using PHP generate SRI


#1

I’ve been researching app security and i stumbled upon subresource integrity. I am aware that SRI is a solution for third party resources but can it also be useful without a third party?

either way, i found a PHP solution for generating SRI:

<?php
function checksum($input) {
    $hash = hash('sha256', $input, true);
    $hash_base64 = base64_encode($hash);
    return "sha256-$hash_base64";
}
?>

vide https://tenzer.dk/generating-subresource-integrity-checksums/

how is this function supposed to be utilized?
file_get_contents or readfile as $input?


#2

found an answer at github:

https://gist.github.com/jmervine/ae1bace0fe37dce75b90ec3e9592771c

however, support for the sri Content Security Policy header is experimental. Very frustrating. I’ll just keep my Content Security Policy headers (apache, php and meta tags) intact and keep them up-to-date.

Thanks.