A Hanami application can serve assets from a Content Delivery Network (CDN). This feature is useful in the production environment, where we want to speed up the serving of static assets.
In order to take advantage of this feature, we need to specify CDN settings.
```ruby
# apps/web/application.rb
module Web
  class Application < Hanami::Application
    # ...
    configure :production do
      scheme 'https'
      host   'bookshelf.org'
      port   443

      assets do
        # ...
        fingerprint true

        # CDN settings
        scheme 'https'
        host   '123.cloudfront.net'
        port   443
      end
    end
  end
end
```
Once CDN mode is on, all the asset helpers will return absolute URLs.
<%= stylesheet 'application' %>
<link href="https://123.cloudfront.net/assets/application-9ab4d1f57027f0d40738ab8ab70aba86.css" type="text/css" rel="stylesheet">
To solve this problem, browser vendors introduced a defense called Subresource Integrity.
When enabled, the browser verifies that the checksum of the downloaded file matches the declared one.
If we're using jQuery from their CDN, we should find the checksum of the .js file on their website and write:
The output will be:
As a defense against this security problem, Hanami enables Subresource Integrity by default in production.
When we precompile assets at deploy time, Hanami calculates the checksum of all our assets and adds a special HTML attribute, integrity, to our asset tags like
To turn off this feature, or to configure it, please have a look at the production block in
```ruby
module Web
  class Application < Hanami::Application
    configure :production do
      assets do
        # ...
        subresource_integrity :sha256
      end
    end
  end
end
```
By removing or commenting out that line, the feature is turned off.
We can choose one or more checksum algorithms:
subresource_integrity :sha256, :sha512
With this setting, Hanami will render the integrity HTML attribute with two values: one for SHA256 and one for
Please note that checksum calculations are CPU intensive, so adding an additional subresource_integrity scheme will extend the time it takes to precompile assets, and therefore deploy. We suggest leaving the default setting (
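To make the checksum comparison and the two-value integrity attribute concrete, here is an added example (not Hanami's own code) that builds an integrity value and checks a file against it the way the Subresource Integrity specification describes. The names `sri_value`, `sri_match?` and `SAMPLE_CSS` are hypothetical, and the sample asset is constructed.

```ruby
require 'digest'

# Hash functions defined by the SRI specification, weakest to strongest.
SRI_DIGESTS = {
  'sha256' => Digest::SHA256,
  'sha384' => Digest::SHA384,
  'sha512' => Digest::SHA512
}.freeze

# Build the value of an integrity attribute: "<algo>-<base64 digest>" per
# algorithm, separated by spaces.
def sri_value(bytes, *algorithms)
  algorithms.map do |algo|
    "#{algo}-#{SRI_DIGESTS.fetch(algo.to_s).base64digest(bytes)}"
  end.join(' ')
end

# Check file contents the way a browser does: ignore unknown algorithms,
# keep only the strongest declared one, accept if any of its hashes match.
def sri_match?(bytes, integrity)
  declared = integrity.split.filter_map do |token|
    algo, hash = token.split('-', 2)
    [algo, hash] if SRI_DIGESTS.key?(algo)
  end
  return true if declared.empty? # no usable metadata means no check at all

  strongest = SRI_DIGESTS.keys.reverse.find { |a| declared.any? { |d, _| d == a } }
  expected  = SRI_DIGESTS[strongest].base64digest(bytes)
  declared.any? { |algo, hash| algo == strongest && hash == expected }
end

# Constructed sample asset standing in for a precompiled stylesheet.
SAMPLE_CSS = "body { margin: 0 }\n"

integrity = sri_value(SAMPLE_CSS, :sha256, :sha512)
puts integrity
puts sri_match?(SAMPLE_CSS, integrity)               # file as deployed
puts sri_match?(SAMPLE_CSS + "/* changed */", integrity) # file altered on the CDN
```

When both SHA256 and SHA512 values are declared, only the SHA512 one decides the outcome, so a correct SHA256 value does not rescue a file whose SHA512 value does not match.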