Could the auto-injected Application Insights JS snippet get an "integrity" attribute?

Morten Grøtan 1 Reputation point
2022-05-05T08:39:34.737+00:00

In our ASP.NET MVC application, we get the following script tag auto-injected:
<script src="https://az416426.vo.msecnd.net/scripts/b/ai.2.min.js"></script>
as described here: https://learn.microsoft.com/en-us/azure/azure-monitor/app/javascript?tabs=snippet

In these times with an increasing security focus, we'd like all our third-party dependencies to use proper security measures, like sub-resource integrity hashes (the "integrity" attribute).

Would it be possible for you to add a suitable "integrity" attribute when auto-injecting this snippet?

Azure Monitor
Azure Monitor
An Azure service that is used to collect, analyze, and act on telemetry data from Azure and on-premises environments.
3,020 questions
{count} votes

1 answer

Sort by: Most helpful
  1. Monalla-MSFT 12,846 Reputation points
    2022-05-18T16:32:36.453+00:00

    @Morten Grøtan - Welcome to Microsoft Q&A and thanks for reaching out to us.

    Since the "integrity" attribute is not existing currently, I have reached out to the product team to see if there is any possibility for us to implement that attribute, and I have head back from the product team that they have added it in their backlog and once they come up with design, they will prioritize it and implement it.

    There is no specific timeline provided at this moment.

    Hope this helps.

    ------------------------------------------------------------------

    If the above response was helpful, please feel free to "Accept as Answer" and "Upvote" the same so it can be beneficial to the community.

    1 person found this answer helpful.