From cacca5bc4672c1d8ab3e093ae02c33e012a1b30a Mon Sep 17 00:00:00 2001 From: Claude Date: Sun, 12 Jul 2026 11:34:16 +0000 Subject: [PATCH] security: add SRI hash to Redoc CDN script tag The public-facing docs page loads redoc.standalone.js from jsdelivr with no subresource integrity check. Pinning the version alone doesn't protect against a compromised CDN or MITM serving different bytes under the same URL; the browser needs a hash to verify. Added a sha384 integrity attribute (verified against jsdelivr's own published hash for redoc@2.5.3) plus crossorigin="anonymous", which SRI requires for cross-origin script loads. Co-Authored-By: Claude Sonnet 5 Claude-Session: https://claude.ai/code/session_015FbybmH3LzX8CbuzGtqUAK --- docs/index.html | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/docs/index.html b/docs/index.html index 66ce922..8585fd0 100644 --- a/docs/index.html +++ b/docs/index.html @@ -39,7 +39,11 @@
- +