- From: Frederik Braun <fbraun@mozilla.com>
- Date: Thu, 07 May 2015 10:28:59 +0200
- To: public-webappsec@w3.org
On 07.05.2015 08:17, Francois Marier wrote: > On 07/05/15 06:17, Tanvi Vyas wrote: >> Requiring CORS is an unfortunate constraint because web developers >> cannot use SRI on all the third-party javascript embedded on their >> page. They have to reach out to each third-party and ask that they set >> the CORS header. > > Thanks for raising this Tanvi. I'm also worried about the impact that > this will have on adoption. I am hopeful that we can tackle parts of this with outreach. I'm not a great evangelist, but I started talking to the jQuery/MaxCDN folks and I'm happy to bring this further. A lot of other CDNs already send ACAO: *.
Received on Thursday, 7 May 2015 08:29:30 UTC