- From: Anne van Kesteren <annevk@annevk.nl>
- Date: Thu, 3 Jul 2014 11:12:39 +0200
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Jul 2, 2014 at 11:58 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > What to others think? Is there any difference between the new Fetch spec and > what SRI wants to hash? I couldn't see one, but maybe I am wrong. Per HTTP the payload body is a message body with any content codings removed. It seems what you want to hash depends a bit on the API. Most APIs on the platform today, including XMLHttpRequest, expose the payload body. fetch() exposes the message body (as a stream, though the only methods available on that stream undo the content codings and give you the payload body as a result). <a download> is likely not fully defined. >From what I understood from bz it will depend on what is being downloaded and what the file extension situation looks like... Note that progress events also report about the message body (I just noticed that Fetch is wrong about this as I confused payload and message once more, my bad). -- http://annevankesteren.nl/
Received on Thursday, 3 July 2014 09:13:06 UTC