- From: Frederik Braun <fbraun@mozilla.com>
- Date: Mon, 12 Sep 2016 08:12:07 +0200
- To: public-webappsec@w3.org
On 10.09.2016 01:23, Francois Marier wrote: > This decision "require-sri" makes more-or-less unusable until SRI > supports these extra mechanisms. That's OK given that nobody is using it > now and that they can just wait until it's ready. This isn't really a problem of the SRI spec[1] Whoever invents MegaWorkers, should use fetch for their networking. fetch requests have associated integrity metadata (which default to an empty string) [2]. MegaWorkers has to figure out how fetch options should be passed on. [1] But it is certainly a problem of the SRI editors. It is on us to reach out to other spec authors about fetch options in their APIs. [2] https://fetch.spec.whatwg.org/#requests
Received on Monday, 12 September 2016 06:12:38 UTC