I am using Angular v17 and configuration allows for setting subresourceIntegrity to true which will add the integrity hash to the <script> tags that import the compiled Angular project.
This is simple and great, except that it will only use sha384. I need to use a different algorithm for the checksum (TL;DR...using AWS CLI to upload the source files and it does not support SHA384)
I have tried using a custom webpack file and adding the webpack-subresource-integrity with hashFuncNames: ['sha256'] like:
...,
plugins: [
new SubresourceIntegrityPlugin({
enabled: true,
hashFuncNames: ['sha256'],
}),
...
However, if I set subresourceIntegrity to true in the angular.json options, it seems to ignore my setting and continue to use sha384. If I set subresourceIntegrity to false, it will not set the integrity attribute.
I'm not as comfortable with webpack as I would like, but tried to create a custom plugin that does something similar and simply don't know enough to get it to work.
Can anyone assist with an example of how to use a fully customizable index.ejs file, custom plugin, existing Angular configuration, etc. to get my compiled index.html file to have something like:
<script src="main.js" integrity="sha256-aof08ans0df8yaf0" crossorigin="anonymous"></script>
