W3C home > Mailing lists > Public > public-webappsec@w3.org > September 2019

Re: Questions regarding SRI

From: Frederik Braun <fbraun@mozilla.com>
Date: Mon, 16 Sep 2019 10:26:01 +0200
To: Vibha Sethi <vsethi@verizonmedia.com>, public-webappsec@w3.org
Message-ID: <41f26fb3-d5cd-96a5-4b62-1de3e54f51cc@mozilla.com>
Am 12.09.19 um 07:20 schrieb Vibha Sethi:
> Hi,
> 
> I had a question regarding SRI. Wondering if SRI supports report-only
> mode where in if the signature for a given resource does not match, the
> browser sends a report but does not block resource from getting loaded
> on the page. 
> 
> Thanks,
> Vibha

Alternative to Francois' suggestion, you could intercept requests with a
service worker and check their integrity manually against an object of
pre-defined hashes per resource.
Received on Monday, 16 September 2019 08:26:27 UTC

This archive was generated by hypermail 2.3.1 : Monday, 16 September 2019 08:26:28 UTC