- From: Ilya Grigorik <ilya@igvita.com>
- Date: Tue, 23 Sep 2014 16:41:57 -0700
- To: Arjan Veenstra <arjan@veenstra.cx>
- Cc: public-webappsec@w3.org
- Message-ID: <CAKRe7JHqYg6LyT3M5KPHQXJAqU7S1gsm=8UdDnRUV90k3x7VwA@mail.gmail.com>
On Mon, Sep 22, 2014 at 11:24 AM, Arjan Veenstra <arjan@veenstra.cx> wrote: > content negotiation exists and is being used, as such I think the > standard should a least spend a few words on how to deal with that. I also > think it can be supported trivially without any loss of functionality. > Depending on the interpretation of the standard it might even be supported, > but as it stands the standard isn't explicit about it. > If I'm reading the current spec correctly, I think conneg should be covered: - 3.3.2 -> If resource is cachable by a shared cache, as defined in [RFC7234], return true. (i.e. valid for integrity validation) [1] - 3.4, 3.1.3.1 -> Set request’s Accept header value to the value of request’s integrity metadata’s content type. [2] To me, this implies that content negotiation is (implicity) supported.. also, we're extending Fetch, which I would expect to cover content negotiation? If not, that's a bug in Fetch. ig [1] http://w3c.github.io/webappsec/specs/subresourceintegrity/#is-resource-eligible-for-integrity-validation [2] http://w3c.github.io/webappsec/specs/subresourceintegrity/#modifications-to-fetch-1
Received on Tuesday, 23 September 2014 23:43:09 UTC