W3C home > Mailing lists > Public > public-webappsec@w3.org > May 2015

Re: [SRI] Requiring CORS for SRI

From: Anne van Kesteren <annevk@annevk.nl>
Date: Sat, 9 May 2015 07:13:04 +0200
Message-ID: <CADnb78inbaQMYYB98uJVTsEnu_Ya=8QHW0Qu1ivJkzwubkFpNg@mail.gmail.com>
To: Austin William Wright <aaa@bzfx.net>
Cc: Joel Weinberger <jww@chromium.org>, Wendy Seltzer <wseltzer@w3.org>, Frederik Braun <fbraun@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
On Fri, May 8, 2015 at 11:59 PM, Austin William Wright <aaa@bzfx.net> wrote:
> [I]t's not safe to use SRI as an
> excuse to relax existing security precautions: SRI supplements existing
> security, it doesn't replace existing security.

You cannot both argue that and argue for breaking SOP.

Received on Saturday, 9 May 2015 05:13:29 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:49 UTC