- From: Frederik Braun <fbraun@mozilla.com>
- Date: Mon, 16 Sep 2019 10:26:01 +0200
- To: Vibha Sethi <vsethi@verizonmedia.com>, public-webappsec@w3.org
Am 12.09.19 um 07:20 schrieb Vibha Sethi: > Hi, > > I had a question regarding SRI. Wondering if SRI supports report-only > mode where in if the signature for a given resource does not match, the > browser sends a report but does not block resource from getting loaded > on the page. > > Thanks, > Vibha Alternative to Francois' suggestion, you could intercept requests with a service worker and check their integrity manually against an object of pre-defined hashes per resource.
Received on Monday, 16 September 2019 08:26:27 UTC