Subresource Integrity (SRI)

Subresource Integrity (SRI) provides an additional layer of security by ensuring that the files your web application or web document fetches (from a CDN or anywhere else) are delivered without a third party having injected any additional content into them, and without any other change of any kind having been made to them. If any change is detected, the browser simply rejects the file. SRI protects against attacks such as CDN hijacking and “man-in-the-middle” attacks.

When the browser fetches the file from the CDN, it calculates the file's hash using the specified algorithm, compares that hash with the one specified in the integrity attribute of the script tag, and rejects the file if the two do not match.
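The comparison described above, reproduced in Node.js so that a hash can be checked against a downloaded copy of the file before the tag is deployed. This is an added example, not Contentsquare code; the function names and the sample bytes are assumptions made for illustration.

```javascript
// Added example (not Contentsquare code): the integrity comparison a browser
// applies to a fetched file, reproduced in Node.js for pre-deployment checks.
const nodeCrypto = require("node:crypto");

// Hash algorithms SRI accepts, ordered weakest to strongest.
const ALGS = ["sha256", "sha384", "sha512"];

// Build the "<alg>-<base64 digest>" string used in the integrity attribute.
function sriHash(body, alg = "sha512") {
  return `${alg}-${nodeCrypto.createHash(alg).update(body).digest("base64")}`;
}

// Split an integrity value into entries; tokens with an unsupported
// algorithm or a malformed digest are dropped, as browsers ignore them.
function parseIntegrity(value) {
  const entries = [];
  for (const token of value.trim().split(/\s+/)) {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    if (m) entries.push({ alg: m[1], digest: m[2] });
  }
  return entries;
}

// Returns "match", "mismatch" or "no-metadata".
// "no-metadata" means no entry was usable: a browser would then load the
// file with no integrity enforcement, so treat it as a failed check.
function checkIntegrity(body, integrity) {
  const entries = parseIntegrity(integrity);
  if (entries.length === 0) return "no-metadata";
  // Only entries using the strongest listed algorithm are considered.
  const strongest = entries.reduce(
    (best, e) => (ALGS.indexOf(e.alg) > ALGS.indexOf(best) ? e.alg : best),
    entries[0].alg);
  const actual = nodeCrypto.createHash(strongest).update(body).digest("base64");
  return entries.some((e) => e.alg === strongest && e.digest === actual)
    ? "match" : "mismatch";
}

// Constructed sample bytes standing in for a downloaded copy of uxa.js.
const sample = Buffer.from("console.log('constructed sample tag');");
const tampered = Buffer.concat([sample, Buffer.from("/* injected */")]);
console.log(sriHash(sample));
console.log(checkIntegrity(sample, sriHash(sample)));
console.log(checkIntegrity(tampered, sriHash(sample)));
```

A "no-metadata" result is worth flagging in a deployment check: a typo in the algorithm prefix leaves the attribute present but unenforced.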

In addition to the security benefits of this approach, it also ensures that none of the changes/updates (periodic or ad hoc) made on the Contentsquare side propagate to the Contentsquare tag running on your web application/document unless the code is updated on your end.

To set up Contentsquare SRI on your web application, your Contentsquare team will provide you with a tag similar to the one below (note the addition of the integrity attribute and the source path changes compared to the “regular” version of the tag). The path will use a project-specific ID that matches your Contentsquare project and the version of the snapshot being used.

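<script type="text/javascript">
  (function () {
    var mt = document.createElement("script");
    mt.type = "text/javascript";
    mt.async = true;
    // SRI hash provided by your Contentsquare team for this version of the tag.
    mt.integrity = "sha512-NEWHASH";
    // CORS request without credentials; needed for the integrity check on a cross-origin file.
    mt.crossOrigin = "anonymous";
    // Versioned path: <ID> is your project-specific ID, <VERSION> the snapshot version.
    mt.src = "//t.contentsquare.net/ss/<ID>/<VERSION>/uxa.js";
    document.getElementsByTagName("head")[0].appendChild(mt);
  })();
</script>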

Each version of the tag is manually generated by your Contentsquare team using the SRI deployment method. You can define the update frequency with your dedicated Contentsquare team. Every time we generate a new version of your tag, we will communicate:

  • New tag URL with the right version.
  • The SRI hash matching the version.
  • The changes introduced since the latest version shared with you.

By updating to the new version of the tag, you will benefit from:

  • Latest tag improvements and new features.
  • Potential customizations.

SRI is supported by the latest versions of all browsers except Internet Explorer.