Re: [SRI] require-sri-for: missing integrity metadata? same-origin loads?

On 10.09.2016 01:23, Francois Marier wrote:
> This decision "require-sri" makes more-or-less unusable until SRI
> supports these extra mechanisms. That's OK given that nobody is using it
> now and that they can just wait until it's ready.

This isn't really a problem of the SRI spec[1]

Whoever invents MegaWorkers, should use fetch for their networking.
fetch requests have associated integrity metadata (which default to an
empty string) [2].
MegaWorkers has to figure out how fetch options should be passed on.



[1] But it is certainly a problem of the SRI editors. It is on us to
reach out to other spec authors about fetch options in their APIs.

[2] https://fetch.spec.whatwg.org/#requests

Received on Monday, 12 September 2016 06:12:38 UTC