Subresource Integrity - SRI Hash


Like CSP, SRI is a security feature that allows browsers to verify that the files they retrieve (for example, from a CDN) are delivered without unexpected manipulation. It works by providing a cryptographic hash that the retrieved file must match.


To enable Eulerian to function within an SRI context, you must use a fixed version of the Eulerian JavaScript. Our servers allow you to specify the version you will be working with.


Example SRI Implementation Model

 <script>
 let EA_vers = '<EA_VERSION>';
 (function(e,a){var i=e.length,y=5381,k='script',s=window,v=document,o=v.createElement(k);for(;i;){i-=1;y=(y*33)^e.charCodeAt(i)}y='_EA_'+(y>>>=0);(function(e,a,s,y){s[a]=s[a]||function(){(s[y]=s[y]||[]).push(arguments);s[y].eah=e;};}(e,a,s,y));i=new Date/1E7|0;o.ea=y;y=i%26;
 let EA_sri = '<EA_SRI_SHA_STRING>'; 

 o.async=1;o.crossOrigin='anonymous';o.integrity=EA_sri;e+='/fv/'+EA_vers;
 o.src='//'+e+'/'+String.fromCharCode(97+y,122-y,65+y)+(i%1E3)+'.js?2';s=v.getElementsByTagName(k)[0];s.parentNode.insertBefore(o,s);})
 ('my.tracking-domain.com','EA_push');
Example of implementation
</script>




Do not copy/paste! Adapt it according to your own SRI.
 <script>
 let EA_vers = '5.5.1';
 (function(e,a){var i=e.length,y=5381,k='script',s=window,v=document,o=v.createElement(k);for(;i;){i-=1;y=(y*33)^e.charCodeAt(i)}y='_EA_'+(y>>>=0);(function(e,a,s,y){s[a]=s[a]||function(){(s[y]=s[y]||[]).push(arguments);s[y].eah=e;};}(e,a,s,y));i=new Date/1E7|0;o.ea=y;y=i%26;
 let EA_sri = 'sha256-hkhVx+B05oiOChsViCasVOlEaE18JlE3aBxTzJEvUXo='; 

 o.async=1;o.crossOrigin='anonymous';o.integrity=EA_sri;e+='/fv/'+EA_vers;
 o.src='//'+e+'/'+String.fromCharCode(97+y,122-y,65+y)+(i%1E3)+'.js?2';s=v.getElementsByTagName(k)[0];s.parentNode.insertBefore(o,s);})
 ('mj23.eulerian.com','EA_push');
</script>

It specifies two “static” parameters that you will need to replace:
  • <EA_VERSION> : The version of the main ea.js.To find the version you wish to use, go to this address (replace with your tracking domain): my.tracking-domain.com/fv/version.txt You will get a list of available versions. Choose one (preferably the highest one).This is your <EA_VERSION> variable that needs to be replaced.

  • <EA_SRI_SHA_STRING> : The result of the hashing prefixed by its type ( sha256 , sha384 or sha512 ) and a hyphen.Choose from one of the available hashes (sha256, sha385, sha512), which we will call <HASH> here, and then go to this address: my.tracking-domain.com/fv/ <EA_VERSION>/ea.<HASH>.txt?2Example for our website  www.eulerian.com  with the tracking domain  mj23.eulerian.com  and a sha256 : https://mj23.eulerian.com/fv/5.5.1/ea.sha256.txt?2 You will obtain the current hash of this version of JavaScript. Once prefixed with sha<HASH>- , this is your <EA_SRI_SHA_STRING> variable to replace.With our example: uuQ2A5JrShq7Hbj6PlnRdnpJ/N4mU9RkLHJEy8kp7Lo=The variable <EA_SRI_SHA_STRING> will therefore be sha256-uuQ2A5JrShq7Hbj6PlnRdnpJ/N4mU9RkLHJEy8kp7Lo=