Re: [SRI] Requiring CORS for SRI

On Sat, May 9, 2015 at 1:33 AM, Austin William Wright <aaa@bzfx.net> wrote:
>
>
> On Fri, May 8, 2015 at 10:13 PM, Anne van Kesteren <annevk@annevk.nl> wrote:
>>
>> On Fri, May 8, 2015 at 11:59 PM, Austin William Wright <aaa@bzfx.net>
>> wrote:
>> > [I]t's not safe to use SRI as an
>> > excuse to relax existing security precautions: SRI supplements existing
>> > security, it doesn't replace existing security.
>>
>> You cannot both argue that and argue for breaking SOP.
>
>
> Says who?
>
> Any anonymous, SRI'd request I can make to a remote server, I can proxy
> through my own server.

Reading https://annevankesteren.nl/2015/02/same-origin-policy would
help you respond to the actual reasons for SOP.

Received on Saturday, 9 May 2015 12:32:20 UTC