On 08/02/15 20:00, Devdatta Akhawe wrote: > I still believe we should fail open and then go with the SSL style > deprecation Brad suggested. I do as well. I think of SRI as similar to CSP in the sense that it adds (integrity) protection for clients that support it, but it doesn't block clients that don't support it. Unsupported directives in CSP trigger a browser warning but don't block the whole page. This is unlike mechanisms like TLS where a web author essentially says that if the user agent doesn't support XYZ, then the connection should be closed. FrancoisReceived on Monday, 9 February 2015 01:55:41 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:46 UTC