W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2014

[SRI] Towards v1 - do we need fallback/noncanonical-src?

From: Frederik Braun <fbraun@mozilla.com>
Date: Wed, 10 Dec 2014 18:39:13 +0100
Message-ID: <54888541.7020709@mozilla.com>
To: "public-webappsec@w3.org" <public-webappsec@w3.org>
I am leaning towards taking the current state and calling it a v1 around
January.

This includes mostly what Chromium has in Canary (Firefox has a
work-in-progress patch that is aligned with what Chromium does, modulo
the authenticated origin discussion, that should happen in another thread).


It seems that both sides are OK with implementing
fallback/noncanonical-src attributes (allows loading the resource from
another location, if the integrity check fails). But we are not sure
whether it should be included in v1.

So, the question is: What do web developers want?



I'm slightly leaning towards no, as a local shim could always check if
something has been declared or not.


(I'll start another thread about error reporting in a minute)
Received on Wednesday, 10 December 2014 17:39:41 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:08 UTC