- From: <bugzilla@jessica.w3.org>
- Date: Mon, 28 Jan 2013 18:36:34 +0000
- To: public-html-bugzilla@w3.org
https://www.w3.org/Bugs/Public/show_bug.cgi?id=20789 --- Comment #8 from Victor Costan <costan@gmail.com> --- @estark: Thank you for the comments! I really like "digest". It's both more accurate and shorter than "signature". I changed the bug title to reflect this. Xi Wang just pointed out that HTTP also uses "digest" to refer to cryptographic hashes, in its Digest authentication method [5]. I think it's good to push CDNs to use CORS headers when serving JavaScript in general, and I think the first alternative should definitely become a part of the specification. The second alternative can be the starting point for exploring a fallback mechanism for opting a script into "digest" if you don't have control over your server's HTTP headers. This would be consistent with allowing <meta charset> [6] as a fallback for not being able to set Content-Type and allowing a <meta http-equiv> as a fallback for not being able to set Content-Security-Policy [7] headers. [5] https://tools.ietf.org/html/rfc2617#section-3 [6] http://www.w3.org/TR/html-markup/meta.charset.html [7] https://dvcs.w3.org/hg/content-security-policy/raw-file/tip/csp-specification.dev.html#html-meta-element--experimental -- You are receiving this mail because: You are the QA Contact for the bug.
Received on Monday, 28 January 2013 18:36:35 UTC