[12:43:15] | <paul121[m]> | Ah a reminder against using CDN! https://thehackernews.com/2024/06/over-110000-websites-affected-by.html?m=1 |
[12:43:27] | <paul121[m]> | Is there no way to use a CDN but check that the response conforms to some SHA hash? That would prevent an issue like this. |
[13:40:36] | <mstenta[m]> | There is in fact! https://www.w3schools.com/Tags/att_script_integrity.asp |
[14:39:28] | <paul121[m]> | Awesome. That should be used like... Everywhere |
[15:38:52] | <mstenta[m]> | symbioquine paul121: this might affect our support for sqlite3 https://github.com/docker-library/drupal/issues/264 |
[17:15:10] | <symbioquine[m]> | <mstenta[m]> "There is in fact! https://www...." <- https://caniuse.com/subresource-integrity |
[17:18:23] | <symbioquine[m]> | Support across browsers for subresource integrity is pretty good, but not universal, so some - especially IE - would still be vulnerable to the CDN serving alternative and maybe malicious JS |
[17:19:06] | <symbioquine[m]> | <mstenta[m]> "symbioquine paul121: this..." <- Hmmm, interesting... |
[17:19:52] | <symbioquine[m]> | If I skimmed that correctly, it sounds like we might have to drop sqlite support 😅 |