{"id":262852,"date":"2025-12-02T15:33:07","date_gmt":"2025-12-02T15:33:07","guid":{"rendered":"https:\/\/wordpress.org\/plugins\/auto-sri\/"},"modified":"2025-12-10T12:48:57","modified_gmt":"2025-12-10T12:48:57","slug":"auto-sri","status":"publish","type":"plugin","link":"https:\/\/km.wordpress.org\/plugins\/auto-sri\/","author":23405116,"comment_status":"closed","ping_status":"closed","template":"","meta":{"_crdt_document":"","version":"2.1","stable_tag":"2.1","tested":"6.8.5","requires":"5.0","requires_php":"","requires_plugins":null,"header_name":"Auto SRI","header_author":"Zafir Sk Heerah","header_description":"Automatically adds Subresource Integrity (SRI) to external scripts and styles, while safely excluding dynamic content such as Google reCAPTCHA and Google Fonts.","assets_banners_color":"1066a4","last_updated":"2025-12-10 12:48:57","external_support_url":"","external_repository_url":"","donate_link":"","header_plugin_uri":"","header_author_uri":"","rating":0,"author_block_rating":0,"active_installs":300,"downloads":869,"num_ratings":0,"support_threads":0,"support_threads_resolved":0,"author_block_count":0,"sections":["description","installation","faq","changelog"],"tags":{"1.8":{"tag":"1.8","author":"zfir","date":"2025-12-02 15:32:33"},"1.9":{"tag":"1.9","author":"zfir","date":"2025-12-03 07:44:04"},"2.0":{"tag":"2.0","author":"zfir","date":"2025-12-10 12:26:41"},"2.1":{"tag":"2.1","author":"zfir","date":"2025-12-10 12:48:57"}},"upgrade_notice":{"2.1":"<p>Improved settings page UX and added settings link.<\/p>"},"ratings":[],"assets_icons":{"icon-128x128.png":{"filename":"icon-128x128.png","revision":3408199,"resolution":"128x128","location":"assets","locale":""},"icon-256x256.png":{"filename":"icon-256x256.png","revision":3408199,"resolution":"256x256","location":"assets","locale":""},"icon-512x512.png":{"filename":"icon-512x512.png","revision":3408199,"resolution":"512x512","location":"assets","locale":""}},"assets_banners":{"banner-1544x500.png":{"filename":"banner-1544x500.png","revision":3408199,"resolution":"1544x500","location":"assets","locale":""},"banner-772x250.png":{"filename":"banner-772x250.png","revision":3408199,"resolution":"772x250","location":"assets","locale":""}},"assets_blueprints":{},"all_blocks":[],"tagged_versions":["1.8","1.9","2.0","2.1"],"block_files":[],"assets_screenshots":[],"screenshots":[],"jetpack_post_was_ever_published":false},"plugin_section":[],"plugin_tags":[19966,173015,247,600,71114],"plugin_category":[54],"plugin_contributors":[],"plugin_business_model":[],"class_list":["post-262852","plugin","type-plugin","status-publish","hentry","plugin_tags-csp","plugin_tags-integrity","plugin_tags-performance","plugin_tags-security","plugin_tags-sri","plugin_category-security-and-spam-protection","plugin_committers-zfir"],"banners":{"banner":"https:\/\/ps.w.org\/auto-sri\/assets\/banner-772x250.png?rev=3408199","banner_2x":"https:\/\/ps.w.org\/auto-sri\/assets\/banner-1544x500.png?rev=3408199","banner_rtl":false,"banner_2x_rtl":false},"icons":{"svg":false,"icon":"https:\/\/ps.w.org\/auto-sri\/assets\/icon-128x128.png?rev=3408199","icon_2x":"https:\/\/ps.w.org\/auto-sri\/assets\/icon-256x256.png?rev=3408199","generated":false},"screenshots":[],"raw_content":"<!--section=description-->\n<p><strong>Auto SRI<\/strong> automatically adds Subresource Integrity (SRI) attributes to scripts and styles loaded from external sources.<\/p>\n\n<p>This improves security, protects against tampering, and enables strict Content Security Policy (CSP) setups.<\/p>\n\n<h3>Features<\/h3>\n\n<ul>\n<li>\u2714 Adds SRI to all external <code>&lt;script&gt;<\/code> and <code>&lt;link&gt;<\/code> tags  <\/li>\n<li>\u2714 Supports WordPress-enqueued assets and raw HTML tags  <\/li>\n<li>\u2714 Supports async, defer, crossorigin, and multiline script tags  <\/li>\n<li>\u2714 Caches all hashes for performance  <\/li>\n<li>\u2714 Excludes admin panel (wp-admin) to prevent conflicts<\/li>\n<li>\u2714 Automatically skips non-SRI-compatible providers:\n\n<ul>\n<li>Google reCAPTCHA  <\/li>\n<li>Google Fonts (fonts.googleapis.com \/ fonts.gstatic.com)  <\/li>\n<li>WordPress.com widgets (widgets.wp.com)<\/li>\n<li>Dynamic concatenated resources<\/li>\n<li>Dynamic script loaders and runtime-inserted scripts  <\/li>\n<\/ul><\/li>\n<li>\u2714 Safe for Elementor, WooCommerce, CookieYes, Jetpack, GoDaddy hosting, etc.<\/li>\n<\/ul>\n\n<h3>Why some scripts are excluded<\/h3>\n\n<p>This plugin automatically excludes:<\/p>\n\n<ul>\n<li>Google reCAPTCHA (<code>google.com\/recaptcha<\/code>)  <\/li>\n<li>Google Fonts stylesheets (<code>fonts.googleapis.com<\/code>)  <\/li>\n<li>Google Fonts font files (<code>fonts.gstatic.com<\/code>)  <\/li>\n<li>WordPress.com widgets (<code>widgets.wp.com<\/code>)<\/li>\n<li>Dynamic concatenated resources (<code>\/_static\/??<\/code>)<\/li>\n<li>Other dynamic inline loaders (CookieYes, wsimg, ywxi, etc.)<\/li>\n<\/ul>\n\n<p>Want to whitelist a dynamic provider? Contact us at izafirsk@gmail.com.\n* Other dynamic inline loaders (CookieYes, wsimg, ywxi, etc.)<\/p>\n\n<p>Want to whitelist a dynamic provider? Contact us at izafirsk@gmail.com.<\/p>\n\n<p>These exclusions prevent:<\/p>\n\n<ul>\n<li>CORS failures  <\/li>\n<li>Integrity mismatch blocking  <\/li>\n<li>Google reCAPTCHA from breaking  <\/li>\n<li>Google Fonts from disappearing  <\/li>\n<li>Layout shifts caused by blocked assets<\/li>\n<\/ul>\n\n<!--section=installation-->\n<ol>\n<li>Upload the plugin to <code>\/wp-content\/plugins\/auto-sri<\/code><\/li>\n<\/ol>\n\n<!--section=faq-->\n<dl>\n<dt id='does%20this%20plugin%20apply%20sri%20in%20the%20wordpress%20admin%20panel%3F'><h3>Does this plugin apply SRI in the WordPress admin panel?<\/h3><\/dt>\n<dd><p>No. The plugin automatically skips the WordPress admin panel (wp-admin) to prevent any conflicts with admin scripts and ensure smooth backend operation.<\/p><\/dd>\n<dt id='why%20are%20some%20scripts%20not%20receiving%20sri%3F'><h3>Why are some scripts not receiving SRI?<\/h3><\/dt>\n<dd><p>Scripts from Google reCAPTCHA, Google Fonts, wsimg, ywxi, and other dynamic sources cannot support SRI because their content changes on every request.<\/p>\n\n<p>This plugin intelligently detects those sources and safely skips them.<\/p><\/dd>\n<dt id='does%20this%20affect%20performance%3F'><h3>Does this affect performance?<\/h3><\/dt>\n<dd><p>No. SRI hashes are computed once and stored in the WordPress options table.<\/p><\/dd>\n<dt id='does%20this%20break%20elementor%20or%20cookieyes%3F'><h3>Does this break Elementor or CookieYes?<\/h3><\/dt>\n<dd><p>No. This plugin is fully compatible and tested against common dynamic script loaders.<\/p><\/dd>\n<dt id='does%20this%20plugin%20help%20with%20csp%3F'><h3>Does this plugin help with CSP?<\/h3><\/dt>\n<dd><p>Yes \u2014 it allows you to safely enforce:<\/p>\n\n<p>For excluded domains, you should whitelist them in your CSP.<\/p><\/dd>\n\n<\/dl>\n\n<!--section=changelog-->\n<h4>2.1<\/h4>\n\n<ul>\n<li>Improved settings page UX with clearer instructions<\/li>\n<li>Added \"Settings\" link to the plugin action links on the plugins page<\/li>\n<\/ul>\n\n<h4>2.0<\/h4>\n\n<ul>\n<li>Added settings page to allow user-defined URL exclusions<\/li>\n<li>Refactored exclusion logic for better maintainability (Unit tested)<\/li>\n<\/ul>\n\n<h4>1.9<\/h4>\n\n<ul>\n<li>Added admin panel exclusion - SRI no longer applies in wp-admin<\/li>\n<li>Added exclusion for WordPress.com widgets (widgets.wp.com)<\/li>\n<li>Added exclusion for dynamic concatenated resources (\/_static\/??)<\/li>\n<li>Fixed integrity mismatch errors for dynamic content<\/li>\n<li>Improved compatibility with WordPress.com features<\/li>\n<\/ul>\n\n<h4>1.8<\/h4>\n\n<ul>\n<li>Fixed prefixing issues to comply with WordPress standards<\/li>\n<li>Improved security by preventing direct file access<\/li>\n<li>Excluded development assets from release package<\/li>\n<li>Example of SRI added to external script tags in the page source<\/li>\n<\/ul>\n\n<h4>1.7<\/h4>\n\n<ul>\n<li>Code quality improvements<\/li>\n<li>WordPress coding standards compliance<\/li>\n<li>Optimized readme for plugin repository<\/li>\n<\/ul>\n\n<h4>1.6<\/h4>\n\n<ul>\n<li>Renamed plugin to comply with WordPress.org trademark policies<\/li>\n<li>Updated all assets and paths<\/li>\n<li>Stability improvements<\/li>\n<\/ul>\n\n<h4>1.5<\/h4>\n\n<ul>\n<li>Renamed plugin to comply with WordPress.org trademark policies<\/li>\n<li>Updated all assets and paths<\/li>\n<li>Stability improvements<\/li>\n<\/ul>\n\n<h4>1.4<\/h4>\n\n<ul>\n<li>Added new plugin banner + icon assets<\/li>\n<li>Visual branding improvements<\/li>\n<li>Updated readme and asset packaging<\/li>\n<\/ul>\n\n<h4>1.3<\/h4>\n\n<ul>\n<li>Added automatic exclusion of Google reCAPTCHA (fixes CORS \/ blocked script issues)<\/li>\n<li>Added automatic exclusion of Google Fonts (fixes integrity mismatch issues)<\/li>\n<li>Improved compatibility with Google APIs and Elementor<\/li>\n<li>Updated SRI matching and handling logic<\/li>\n<li>Stable, safe version for production use<\/li>\n<\/ul>","raw_excerpt":"Automatically adds Subresource Integrity (SRI) to external scripts\/styles and safely excludes Google reCAPTCHA and Google Fonts.","jetpack_sharing_enabled":true,"_links":{"self":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin\/262852","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin"}],"about":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/types\/plugin"}],"replies":[{"embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/comments?post=262852"}],"author":[{"embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wporg\/v1\/users\/zfir"}],"wp:attachment":[{"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/media?parent=262852"}],"wp:term":[{"taxonomy":"plugin_section","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_section?post=262852"},{"taxonomy":"plugin_tags","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_tags?post=262852"},{"taxonomy":"plugin_category","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_category?post=262852"},{"taxonomy":"plugin_contributors","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_contributors?post=262852"},{"taxonomy":"plugin_business_model","embeddable":true,"href":"https:\/\/km.wordpress.org\/plugins\/wp-json\/wp\/v2\/plugin_business_model?post=262852"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}