Re: [SRI] Call for Consensus: Subresource Integrity to Candidate Recommenation from Brad Hill on 2015-10-26 (public-webappsec@w3.org from October 2015)

From: Brad Hill <hillbrad@gmail.com>
Date: Mon, 26 Oct 2015 06:36:30 +0000
To: Devdatta Akhawe <dev.akhawe@gmail.com>, Joel Weinberger <jww@chromium.org>
Cc: Anne van Kesteren <annevk@annevk.nl>, Frederik Braun <fbraun@mozilla.com>, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CAEeYn8h8RNu-NU1_PW8r7D-h=nVOR_ZEKxmEos0KaRtLiYteOg@mail.gmail.com>

OK, great.  If there are no more objections, I'll make the publication
request.  It won't happen until next week because the W3C team is busy at
TPAC this week, but we are good to go.  Congrats!

On Sat, Oct 24, 2015 at 8:15 AM Devdatta Akhawe <dev.akhawe@gmail.com>
wrote:

> @brad Assuming this minor issue is resolved, what are the next steps?
> the cfc expired on 13 Oct 2015.
>
> ~dev
>
> On 22 October 2015 at 09:20, Joel Weinberger <jww@chromium.org> wrote:
> > Thanks, Anne. I'll write up a fix and CC you on it.
> > --Joel
> >
> > On Thu, Oct 22, 2015 at 1:32 AM Anne van Kesteren <annevk@annevk.nl>
> wrote:
> >>
> >> On Thu, Oct 22, 2015 at 1:51 AM, Joel Weinberger <jww@chromium.org>
> wrote:
> >> > Anne, can you confirm that this recent pull request
> >> > (https://github.com/w3c/webappsec-subresource-integrity/pull/4)
> >> > addresses
> >> > your concerns about isEligible()?
> >>
> >> Yeah. Though to nit the note is not entirely correct about "cors"
> >> since a same-origin request can have mode "cors" but will create a
> >> normal response, not a "cors" one.
> >>
> >>
> >> --
> >> https://annevankesteren.nl/
>

Received on Monday, 26 October 2015 06:37:09 UTC