A bunch of questions on SRI

I’m just finishing up on my first theme using hugo pipes. And to say the least it has been very entertaining and convenient. I am also playing around with SRI, though to be honest I have a bunch of things I do not really understand.

First of all, according to the hugo docs the fingerprint can be done in sha256, sha512 and md5. According to the mozilla web docs however, only sha256, sha384 and sha512 are supported.

So what happens if I choose md5, will this hash function result in the SRI failing? Is there a recommended value to choose? And is it even useful to use SRI for a file that is gonna be served from the same server as the html files?

Cheers, Oli

You would be responsible to pick a SRI compliant hash function yourself (the default is). I recommend you test your site in, say, Chrome before you publish it to the world.

The thing is, not everyone care about the SRI part – and for plain fingerprinting (aka cache busting), md5 will be faster and will have much shorter hashes.

As to the “recommended value”, I think sha256 would be a current good recommendation.

And to clear: Using md5 as SRI will fail in Chrome and other browsers.

Thanks @bep , as always, for your quick replies.

I decided to use the SRI using sha256, not really sure if it’s important, but since it’s fully automatic I’m gonna just use it.

1 Like