Port #17729 to v4: Add SRI hashes to CDN links in docs

[skip sauce]

diff --git a/_config.yml b/_config.yml
index 7aa58d120f55169e3f1afb585bced7ca44893380..56b538a88e42bbdf09cce3952fc309556d89c65f 100644 (file)
--- a/_config.yml
+++ b/_config.yml
@@ -36,6 +36,9 @@ expo:             http://expo.getbootstrap.com
 themes:           http://themes.getbootstrap.com
 
 cdn:
+  # See https://www.srihash.org for info on how to generate the hashes
   css:            https://cdn.rawgit.com/twbs/bootstrap/v4-dev/dist/css/bootstrap.css
+  css_hash:       "sha384-XXXXXXXX"
   js:             https://cdn.rawgit.com/twbs/bootstrap/v4-dev/dist/js/bootstrap.js
+  js_hash:        "sha384-XXXXXXXX"
   jquery:         https://ajax.googleapis.com/ajax/libs/jquery/2.1.4/jquery.min.js

diff --git a/docs/getting-started/introduction.md b/docs/getting-started/introduction.md
index 03c1079dc5edff52f3de5319e5098d4d156de88a..9fe3103e54331f42d9455421684da02cca36efc0 100644 (file)
--- a/docs/getting-started/introduction.md
+++ b/docs/getting-started/introduction.md
@@ -21,14 +21,14 @@ Looking to quickly add Bootstrap to your project? Use the Bootstrap CDN, provide
 Copy-paste the stylesheet `<link>` into your `<head>` before all other stylesheets to load our CSS.
 
 {% highlight html %}
-<link rel="stylesheet" href="{{ site.cdn.css }}">
+<link rel="stylesheet" href="{{ site.cdn.css }}" integrity="{{ site.cdn.css_hash }}" crossorigin="anonymous">
 {% endhighlight %}
 
 Add our JavaScript plugins and jQuery near the end of your pages, right before the closing `</body>` tag. Be sure to place jQuery first as our code depends on it.
 
 {% highlight html %}
 <script src="{{ site.cdn.jquery }}"></script>
-<script src="{{ site.cdn.js }}"></script>
+<script src="{{ site.cdn.js }}" integrity="{{ site.cdn.js_hash }}" crossorigin="anonymous"></script>
 {% endhighlight %}
 
 And that's it—you're on your way to a fully Bootstrapped site. If you're at all unsure about the general page structure, keep reading for an example page template.
@@ -53,14 +53,14 @@ Put it all together and your pages should look like this:
     <meta http-equiv="x-ua-compatible" content="ie=edge">
 
     <!-- Bootstrap CSS -->
-    <link rel="stylesheet" href="{{ site.cdn.css }}">
+    <link rel="stylesheet" href="{{ site.cdn.css }}" integrity="{{ site.cdn.css_hash }}" crossorigin="anonymous">
   </head>
   <body>
     <h1>Hello, world!</h1>
 
     <!-- jQuery first, then Bootstrap JS. -->
     <script src="{{ site.cdn.jquery }}"></script>
-    <script src="{{ site.cdn.js }}"></script>
+    <script src="{{ site.cdn.js }}" integrity="{{ site.cdn.js_hash }}" crossorigin="anonymous"></script>
   </body>
 </html>
 {% endhighlight %}

diff --git a/docs/index.html b/docs/index.html
index 45cf7eb611b143051b95c23b9888caf180fd3352..47c469c42c3780f66354f1c58f4f344feb2c5889 100644 (file)
--- a/docs/index.html
+++ b/docs/index.html
@@ -33,8 +33,8 @@ title: Bootstrap · The world's most popular mobile-first and responsive f
         <p>When you just need to include Bootstrap's compiled CSS and JS, use the Bootstrap CDN, free from the Max CDN folks.</p>
 {% comment %}
 {% highlight html %}
-<link rel="stylesheet" href="{{ site.cdn.css }}">
-<script src="{{ site.cdn.js }}"></script>
+<link rel="stylesheet" href="{{ site.cdn.css }}" integrity="{{ site.cdn.css_hash }}" crossorigin="anonymous">
+<script src="{{ site.cdn.js }}" integrity="{{ site.cdn.js_hash }}" crossorigin="anonymous"></script>
 {% endhighlight %}
 {% endcomment %}
         <p class="text-muted">Not yet available, but hopefully soon!</p>