Re: [SRI] What should we Hash Redux

On Wed, Jul 2, 2014 at 11:58 PM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote:
> What to others think? Is there any difference between the new Fetch spec and
> what SRI wants to hash? I couldn't see one, but maybe I am wrong.

Per HTTP the payload body is a message body with any content codings removed.

It seems what you want to hash depends a bit on the API. Most APIs on
the platform today, including XMLHttpRequest, expose the payload body.
fetch() exposes the message body (as a stream, though the only methods
available on that stream undo the content codings and give you the
payload body as a result). <a download> is likely not fully defined.
>From what I understood from bz it will depend on what is being
downloaded and what the file extension situation looks like...

Note that progress events also report about the message body (I just
noticed that Fetch is wrong about this as I confused payload and
message once more, my bad).


-- 
http://annevankesteren.nl/

Received on Thursday, 3 July 2014 09:13:06 UTC