Re: [SRI] Requiring CORS for SRI

On 07.05.2015 08:17, Francois Marier wrote:
> On 07/05/15 06:17, Tanvi Vyas wrote:
>> Requiring CORS is an unfortunate constraint because web developers
>> cannot use SRI on all the third-party javascript embedded on their
>> page.  They have to reach out to each third-party and ask that they set
>> the CORS header.
> 
> Thanks for raising this Tanvi. I'm also worried about the impact that
> this will have on adoption.

I am hopeful that we can tackle parts of this with outreach.
I'm not a great evangelist, but I started talking to the jQuery/MaxCDN
folks and I'm happy to bring this further.

A lot of other CDNs already send ACAO: *.

Received on Thursday, 7 May 2015 08:29:30 UTC