Re: [SRI] To trust or not to trust a CDN

> I agree that that would be good, and that's exactly what would have happened
> if Frederik hadn't pointed out this issue before SRI were standardized. But,
> since we know about the issue now, I think it is reasonable to consider
> changes to the syntax that avoid the problem now, so that we don't end up
> with a bad syntax later.

I guess I see the header (in CSP or separate SRI header) mechanism as
something that can be easily added on later. Is there a particular
part of the current syntax that makes you think it won't be possible
to evolve the direction you envision?


Received on Thursday, 6 November 2014 04:35:56 UTC