DEV Community

Discussion on: Three Steps For Increasing The Security of Your Web Apps

andreasvirkus profile image
ajv • Edited on

Hi Jamie,

Great post! I must admit I added an external script via js in a similar manner recently (it's not in production yet luckily, so granted I get some solid advice here, that'll definitely change). The reason behind that was that I wish to download the lib dynamically only on a certain spa route. How would you handle such a situation?

dotnetcoreblog profile image
Jamie Author

External scripts aren't really a big problem.

I would recommend that you have add it to your CSP, generate an SRI, and make sure that require SRI for is enabled in your CSP.

That way, if the external script ever changes then the browser won't even load it.