SDK Subresource integrity

A Subresource Integrity (SRI) check is a security feature that enables browsers to verify that the resources they fetch are delivered without unexpected manipulation. It works by allowing you to provide a cryptographic hash that a fetched resource must match.


To use SRI, you must use a browser that supports this feature. If your browser does not support the feature, the browser simply loads the resource without any check. To see if your browser supports SRI, see here.


<script src="https://{version}/cm-js-client.js" integrity="{hash-type}-{hash}" crossorigin="anonymous"></script>

Instructions: Copy the above code to your page and replace {version} and {hash-type}-{hash} with the desired values (See table below).


If the integrity check fails, the resource is not loaded and an error message is created in the browser console. Here is an example of an error message:


Version Subresource integrity hash
1.8.0 sha384-0GHc4tbrUnSeqgJfCC7aCRmJBuZIm5Heb0bz1WVkeFimi+dyu6QIdb+m5/bfxM4S
1.7.2 sha384-DomLuPEwryqhWG7PsY4OkAAC1xjxu4IIeBMRNYzfMtWvaXaTxx5WgBPGUohVQwla
1.7.1 sha384-DomLuPEwryqhWG7PsY4OkAAC1xjxu4IIeBMRNYzfMtWvaXaTxx5WgBPGUohVQwla
1.7.0 sha384-DomLuPEwryqhWG7PsY4OkAAC1xjxu4IIeBMRNYzfMtWvaXaTxx5WgBPGUohVQwla
1.6.1 sha384-P4mpRTKTJOk0T3UedTF4KLP1ZflKJ4TUiZVFBDf+QSIjBaaRUH7gtHgo9YJOneC8
1.5.0 sha384-qdlQ3Q3vSWc90ceMJhhqppnT5T3hHAwwPapvsKyiEO8Nwg7SAdLGVWuqPWNNYUog
1.3.1 sha384-mITcN2/a1974hBdy0P2J1XhFzJAmM0ZwhbVU1mhf5rCn/+c6LGaBEofZBtG4fSLx
1.1.0 sha384-y7d1Lx38Lbq3BC5kW7sF6AQJVREuk9cllefz3sKxqEQe5kn3WIcuCM77yB1rzWur
1.0.0 sha384-Wjpa6SPg+YUBRSSl0AlRHlSZvXpvfE040bCEIqt2TKz4uwjGkhadRNkyis5nvmHu