From 11cd813802153a5de0ec1d60ea764fd1b26be8c8 Mon Sep 17 00:00:00 2001
From: Vincenzo Chianese <vincenz.chianese@yahoo.it>
Date: Tue, 6 Dec 2016 13:20:09 +0100
Subject: [PATCH] Add Subresource Integrity support (#1176)

* Add Subresource Integrity support

* Pin dependency
---
 packages/react-scripts/config/webpack.config.prod.js | 5 +++++
 packages/react-scripts/package.json                  | 1 +
 2 files changed, 6 insertions(+)

diff --git a/packages/react-scripts/config/webpack.config.prod.js b/packages/react-scripts/config/webpack.config.prod.js
index bae24d1a4..df970584a 100644
--- a/packages/react-scripts/config/webpack.config.prod.js
+++ b/packages/react-scripts/config/webpack.config.prod.js
@@ -15,6 +15,7 @@ var HtmlWebpackPlugin = require('html-webpack-plugin');
 var ExtractTextPlugin = require('extract-text-webpack-plugin');
 var ManifestPlugin = require('webpack-manifest-plugin');
 var InterpolateHtmlPlugin = require('react-dev-utils/InterpolateHtmlPlugin');
+var SubresourceIntegrityPlugin = require('webpack-subresource-integrity');
 var url = require('url');
 var paths = require('./paths');
 var getClientEnvironment = require('./env');
@@ -259,6 +260,10 @@ module.exports = {
     // having to parse `index.html`.
     new ManifestPlugin({
       fileName: 'asset-manifest.json'
+    }),
+    // Generate and inject subresources hashes in the final `index.html`.
+    new SubresourceIntegrityPlugin({
+      hashFuncNames: ['sha256', 'sha384']
     })
   ],
   // Some libraries import Node modules but don't use them in the browser.
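Review bot: The comment above `new SubresourceIntegrityPlugin` should state what the injected hashes depend on, because on a mismatch the browser refuses the script or stylesheet outright instead of degrading. A wording such as `// Hashes cover the emitted bytes exactly: any post-build rewrite (CDN minification, line-ending conversion on deploy) makes browsers block the asset.` would warn whoever deploys the build. Separately, a cross-origin asset that carries an `integrity` attribute is rejected unless it is fetched with CORS, so when the public path points at another origin it is worth confirming that `output.crossOriginLoading` (for example `'anonymous'`) is set and, presumably, picked up by the pinned plugin version. The `output` section and the rest of the `module.exports` object lie outside this hunk, so this could not be checked here.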
diff --git a/packages/react-scripts/package.json b/packages/react-scripts/package.json
index a379cab42..9a13efce1 100644
--- a/packages/react-scripts/package.json
+++ b/packages/react-scripts/package.json
@@ -64,6 +64,7 @@
     "webpack": "1.13.2",
     "webpack-dev-server": "1.16.2",
     "webpack-manifest-plugin": "1.1.0",
+    "webpack-subresource-integrity": "0.7.0",
     "whatwg-fetch": "1.0.0"
   },
   "devDependencies": {
-- 
GitLab