CSP Integrity attribute generation #557

@duttonw

Hi,

How feasible would it be to generate and store the hash (we already make an md5 hash) and populate it when the asset is injected into a template usage, i.e. {% asset 'base/view-filters' %} expanded to include the JS or CSS and the hash for Content Security Policy?

An integrity value begins with at least one string, with each string including a prefix indicating a particular hash algorithm (currently the allowed prefixes are sha256, sha384, and sha512), followed by a dash, and ending with the actual base64-encoded hash.

hash-algorithm = "sha256" / "sha384" / "sha512"

OR

ability to inject a dynamic nonce attribute

https://developer.mozilla.org/en-US/docs/Web/Security/Subresource_Integrity
https://blog.cschad.com/posts/securing-your-flask-application/
https://www.w3.org/TR/SRI/
https://www.w3.org/TR/CSP3/
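
An added example, not part of the original issue or the project's code: a sketch of generating the integrity value in the format quoted above and emitting it on the expanded tag. An existing md5 hash cannot be reused because md5 is not an allowed prefix. The function names, the asset URL and the sample asset bytes are assumptions made for illustration.

```python
import base64
import hashlib
from html import escape

# Prefixes allowed by the SRI text quoted in the issue, weakest first.
ALGORITHMS = ("sha256", "sha384", "sha512")

def sri_token(content: bytes, algorithm: str = "sha384") -> str:
    """One integrity string: <prefix>-<base64 of the raw digest>."""
    if algorithm not in ALGORITHMS:
        raise ValueError(f"unsupported SRI algorithm: {algorithm}")
    digest = hashlib.new(algorithm, content).digest()
    return f"{algorithm}-{base64.b64encode(digest).decode('ascii')}"

def integrity_value(content: bytes, algorithms=("sha384",)) -> str:
    """An integrity value may carry several space-separated strings."""
    return " ".join(sri_token(content, a) for a in algorithms)

def matches(content: bytes, integrity: str) -> bool:
    """Build-time check using the SRI rule that only the strongest
    algorithm present counts. Fails closed when no recognised prefix
    is found (a stricter choice made for this example)."""
    known = [t for t in integrity.split() if t.split("-", 1)[0] in ALGORITHMS]
    if not known:
        return False
    best = max(ALGORITHMS.index(t.split("-", 1)[0]) for t in known)
    algorithm = ALGORITHMS[best]
    expected = sri_token(content, algorithm)
    return any(t == expected for t in known if t.startswith(algorithm + "-"))

def render_tag(url: str, content: bytes) -> str:
    """Hypothetical expansion of an asset into a tag with integrity."""
    attrs = f'integrity="{escape(integrity_value(content))}"'
    # crossorigin is required for SRI on cross-origin (e.g. CDN) assets.
    attrs += ' crossorigin="anonymous"'
    if url.endswith(".css"):
        return f'<link rel="stylesheet" href="{escape(url)}" {attrs}>'
    return f'<script src="{escape(url)}" {attrs}></script>'

if __name__ == "__main__":
    asset = b"console.log('view filters');\n"  # constructed sample asset
    print(render_tag("/webassets/base/view-filters.js", asset))
```

The hash has to be computed over the exact bytes that are served, so it must be regenerated whenever the bundled or minified asset changes.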
