Re: [SRI] Requiring CORS for SRI

On Fri, May 8, 2015 at 10:13 PM, Anne van Kesteren <> wrote:

> On Fri, May 8, 2015 at 11:59 PM, Austin William Wright <>
> wrote:
> > [I]t's not safe to use SRI as an
> > excuse to relax existing security precautions: SRI supplements existing
> > security, it doesn't replace existing security.
> You cannot both argue that and argue for breaking SOP.

Says who?

Any anonymous, SRI'd request I can make to a remote server, I can proxy
through my own server.

SOP is dead.

Received on Saturday, 9 May 2015 06:34:09 UTC