Make CDN Downloads Safer
Resources like JavaScript libraries and fonts/Hono can be obtained from Content Delivery Networks (CDNs). This is a convenient way to get started quickly when building a new web application. But there are good reasons to avoid using CDNs when your apps go into production.
Using CDNs makes your app dependent on their availability and speed. Typically, neither of these is an issue. But copying the files from CDNs to your own server eliminates these potential issues.
Getting resources from a CDN also introduces a security risk. A hacker could replace files served by the CDN with malicious ones. This can be detected by using SubResource Integrity (SRI) hashes.
Using SRI hashes is easy. You need to determine the hash of each ...
Get Server-Driven Web Apps with htmx now with the O’Reilly learning platform.
O’Reilly members experience books, live events, courses curated by job role, and more from O’Reilly and nearly 200 top publishers.
