CSS fetch integration from Jonathan Kingston on 2016-09-27 (www-style@w3.org from September 2016)

From: Jonathan Kingston <jonathan@jooped.co.uk>
Date: Tue, 27 Sep 2016 02:15:09 +0000
To: www-style@w3.org, WebAppSec WG <public-webappsec@w3.org>
Message-ID: <CAKrjaaVu+Xrk2T+CpRq7A=qBn+jO50ScyMCSa-ZEXwZEjm3C5g@mail.gmail.com>

Hi WebAppSec and CSSWG,

As part of the latest SRI spec work, there is a desire to put SRI
capabilities within CSS[1]. However this would be made simpler with a
closer integration of CSS with the fetch API on any <url> type properties.

So I have started a draft [2], which I thought I would should share in it's
very rough stage to prevent it from stagnating.

The draft covers a rough direction of how all <url> types will behave when
integrated with CSS, it also covers some of the further specification of
how referrer headers are handled within CSS.

The draft also at the end covers the use of integrity and crossorigin URL
modifiers to be used in conjunction with the url data type to restrict sub
resources with the same checks as is possible in HTML.

Feel free to respond here on thoughts and file issues on Github [3].

Thanks

[1]
https://github.com/w3c/webappsec-subresource-integrity/issues/40#issuecomment-247964962
[2] https://jonathankingston.github.io/css-fetch-integration/
[3] https://github.com/jonathanKingston/css-fetch-integration/tree/gh-pages

Received on Tuesday, 27 September 2016 02:15:58 UTC