- From: Noam Rosenthal <notifications@github.com>
- Date: Wed, 23 Mar 2022 08:20:54 -0700
- To: whatwg/fetch <fetch@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 23 March 2022 15:21:06 UTC
Added https://github.com/web-platform-tests/wpt/pull/33326 There were 3 cases that were not handled in the original SRI test: - Resource has SRI but preload doesn't. Both Chromium & Gecko ignore the preload in that case - Resource and preload have matching SRIs but different algos. Chromium ignores the preload and Firefox accepts. - Same as previous, but algo of consumer is stronger than that of preload I'm ignoring WebKit results here as it [doesn't check](https://bugs.webkit.org/show_bug.cgi?id=238206) for resource integrity when consuming resources (which can lead to consuming resources with a mismatch!) So: - In both Gecko & Chromium, if consumer doesn't have SRI the preload is considered valid. - In Chromium, the preload is consumed only if the SRI matches 1:1 (or consumer doesn't have SRI) - In Gecko, the preload is consumed only if the SRI of the preload is same or stronger *algo* than the consumer (or consumer doesn't have SRI) As I said before, the latter is quite an edge case - perhaps this difference can be a `MAY`? -- Reply to this email directly or view it on GitHub: https://github.com/whatwg/fetch/pull/1418#issuecomment-1076483961 You are receiving this because you are subscribed to this thread. Message ID: <whatwg/fetch/pull/1418/c1076483961@github.com>
Received on Wednesday, 23 March 2022 15:21:06 UTC