feat(clerk-js): Added integrity attribute support #4918


Open
wants to merge 14 commits into
base: main

jonahallibone

Description

What

This PR introduces an integrity prop and creates an attribute on the generated <Script /> tag.

Why

Google CASA and other common security audits require that all third-party scripts be accompanied by an SRI to pass their certification checks. Doing this with Clerk, while possible, was not supported natively. The recommended solution was to point clerkJsUrl at a blank file hosted on my domain, and manually add the script tag with the version and SRI attribute to match. This PR introduces first-party support for integrity such that this workaround can be obviated.

Checklist

  • pnpm test runs as expected.
  • pnpm build runs as expected.
  • (If applicable) JSDoc comments have been added or updated for any package exports
  • (If applicable) Documentation has been updated

Type of change

  • 🐛 Bug fix
  • 🌟 New feature
  • 🔨 Breaking change
  • 📖 Refactoring / dependency upgrade / documentation
  • other:
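
The workflow the description relies on (a pinned script version plus a matching SRI value), as an added example that is not part of the PR or of Clerk's code: Node.js code that computes an integrity value and re-checks it the way a browser does. The URL and script bodies are constructed placeholders, and `sriFor`, `verifySri` and `scriptTag` are hypothetical helper names.

```javascript
// Added example (not from the PR): SRI value generation and a browser-style check.
const { createHash } = require('node:crypto');

// Hash algorithms SRI recognises, weakest to strongest.
const ALGS = ['sha256', 'sha384', 'sha512'];

// Integrity value for the exact bytes the CDN serves.
function sriFor(body, alg = 'sha384') {
  if (!ALGS.includes(alg)) throw new Error(`unsupported SRI algorithm: ${alg}`);
  return `${alg}-${createHash(alg).update(body).digest('base64')}`;
}

// Re-check like a browser: ignore unrecognised tokens, keep only the strongest
// algorithm present, accept if any digest for that algorithm matches.
function verifySri(body, integrity) {
  const entries = integrity.trim().split(/\s+/).map((token) => {
    const m = /^(sha256|sha384|sha512)-([A-Za-z0-9+/]+={0,2})(\?.*)?$/.exec(token);
    return m && { alg: m[1], digest: Buffer.from(m[2], 'base64') };
  }).filter(Boolean);
  // No recognised hash: the attribute is a no-op and the script loads unchecked.
  if (entries.length === 0) return { enforced: false, ok: true };
  const rank = (e) => ALGS.indexOf(e.alg);
  const alg = entries.reduce((a, b) => (rank(b) > rank(a) ? b : a)).alg;
  const actual = createHash(alg).update(body).digest();
  const ok = entries.some((e) => e.alg === alg && e.digest.equals(actual));
  return { enforced: true, ok, alg };
}

// Cross-origin scripts also need crossorigin, otherwise the check cannot pass.
function scriptTag(url, body) {
  return `<script src="${url}" integrity="${sriFor(body)}" crossorigin="anonymous"></script>`;
}

// Constructed sample data: two releases of a hypothetical third-party script.
const v1 = Buffer.from('console.log("widget 1.0.0");');
const v2 = Buffer.from('console.log("widget 1.0.1");');
const pinnedUrl = 'https://cdn.example.test/widget@1.0.0/widget.js'; // placeholder URL

console.log(scriptTag(pinnedUrl, v1));
console.log(verifySri(v1, sriFor(v1)));   // same bytes as hashed
console.log(verifySri(v2, sriFor(v1)));   // upstream shipped new bytes under the same tag
console.log(verifySri(v1, 'sha1-AAAA'));  // unsupported algorithm
```

A check like `verifySri` fits a CI step: it flags both a stale hash after an upstream release and an integrity value that no browser would enforce.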


changeset-bot bot commented Jan 16, 2025

🦋 Changeset detected

Latest commit: 42e689e

The changes in this PR will be included in the next version bump.

This PR includes changesets to release 19 packages
Name Type
@clerk/nextjs Minor
@clerk/shared Minor
@clerk/clerk-react Minor
@clerk/agent-toolkit Patch
@clerk/astro Patch
@clerk/backend Patch
@clerk/chrome-extension Patch
@clerk/clerk-js Patch
@clerk/elements Patch
@clerk/expo-passkeys Patch
@clerk/clerk-expo Patch
@clerk/express Patch
@clerk/fastify Patch
@clerk/nuxt Patch
@clerk/react-router Patch
@clerk/remix Patch
@clerk/tanstack-react-start Patch
@clerk/testing Patch
@clerk/vue Patch



vercel bot commented Jan 16, 2025

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Comments Updated (UTC)
clerk-js-sandbox ✅ Ready (Inspect) Visit Preview 💬 Add feedback Mar 3, 2025 4:56pm

@jonahallibone jonahallibone changed the title feat: Added integrity attribute support feat(clerk-js): Added integrity attribute support Jan 22, 2025

vercel bot commented Mar 19, 2025

@jonahallibone is attempting to deploy a commit to the Clerk Production Team on Vercel.

A member of the Team first needs to authorize it.

@clerk-cookie
Collaborator

Hello 👋

We currently close PRs after 60 days of inactivity. It's been 50 days since the last update here. If we missed this PR, please reply here. Otherwise, we'll close this PR in 10 days.

Thanks for being a part of the Clerk community! 🙏

@clerk-cookie clerk-cookie added Stale and removed Stale labels May 9, 2025
@jonahallibone
Author

Any update on either this PR or this idea?

2 participants