Re: [SRI] Towards v1 - do we need fallback/noncanonical-src?

On Wed, Dec 10, 2014 at 11:20 AM, Devdatta Akhawe <> wrote:
> I agree. local shim is a simple and easy solution. This works well
> with module systems like requirejs with path fallbacks
> ( I imagine we
> could modify requirejs to say "when using CDN, load with SRI, don't
> use SRI for fallback URIs"

I also agree. I think in the future, there should be a way to register
an event handler that can handle any failed load (CSP violation, SRI
failure, network error, etc.), where the handler can interrogate the
event object to learn the reason for the failure. Then the event
handler could retry the load from an alternative source and/or phone
home with an error report and/or do even more drastic things like
redirect to a fail-safe backup page.


Received on Thursday, 11 December 2014 00:05:24 UTC