cancel
Showing results for 
Search instead for 
Did you mean: 

Problem this snippet solves:

Subresource Integrity (SRI) is a new W3C specification that allows web developers to ensure that resources hosted on third-party servers have not been tampered with. Websites that make use of SRI can break when CSS patching is used within APM Portal Access. This very basic snippet will simply disable SRI by removing it.

The picture below shows an example of Chrome blocking a stylesheet from being loading (Chrome DevTools -> Console).

0151T000003d9EwQAI.PNG

How to use this snippet:

Assign both a STREAM profile and this iRule to the Virtual Server.

Code :

when CLIENT_ACCEPTED {
    # set STREAM::expression to match sha256, sha384 and sha512 integrity hashes.
    # integrity must at least contain 40 characters (base64 encoding of 256 bits is around 43 bytes).
    # and max integrity message must be less than 250 bytes (integrity + sha256 + sha384 + sha512 around 230 bytes).
    # credits go to Stanislas Piron for improving the STREAM::expression.
    set SRI_STREAM_EXPRESSION {@integrity="sha(256|384|512)-[^"]{40,250}"@@}
}

when HTTP_REQUEST {
    # Disable the stream filter by default   
    STREAM::disable 

    # LTM does not uncompress response content, so if the server has compression enabled
    # and it cannot be disabled on the server, we can prevent the server from
    # sending a compressed response by removing the compression offerings from the client
    HTTP::header remove "Accept-Encoding"
}

when HTTP_RESPONSE {   
    # Check if we're rewriting the response   
    if {[HTTP::header value Content-Type] contains "text"}{ 
        # set the STREAM::expression
        STREAM::expression $SRI_STREAM_EXPRESSION
  
        # Enable the stream filter for this response only     
        STREAM::enable 
    } 
}

Tested this on version:

13.0
Comments
ijdod
Nimbostratus
Nimbostratus

Just as a side note: the stream profile is under advanced settings of the virtual server.

 

Version history
Last update:
‎08-Jun-2018 11:20
Updated by:
Contributors