Hi, In regards to the SRI specification. https://www.w3.org/TR/SRI/ It seems more guidance / specific features could be promoted to support the secure fallback to local resources for legacy user agents. User agents not supporting the specification will load resources without checking their integrity. It may be possible to extend the specification in some way (which remains compatible with the draft, current user agents that support SRI and older user agents which don't). Perhaps a future version could support something like the below (or some other mechanisms to support graceful and secure fall back in case the CDN is not available, the user agent doesn't understand the new directive, etc.): <link rel="stylesheet" href="https://www.localsite.net/style.css" *exhref*="https://www.cndsite.net/product/v1.9.36/style.css" integrity="sha384-HashOmittedForBrevity==" crossorigin="anonymous"> Best Regards, Mhano HarknessReceived on Tuesday, 19 January 2016 13:59:30 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 18:54:54 UTC