google / sxg-rs

A set of tools for generating signed exchanges at serve time.
Apache License 2.0

Follow HTTP redirect header #368

Closed antiphoton closed 1 year ago

twifkak commented 2 years ago

Non-blocking:

I wonder how this affects header-integrity computation for subresources. If a doc has `<link rel=preload href=/a.js>` and `/a.js` redirects to `/b.js`, then what was header-integrity before? What is it now? What will Chrome verify against? Low priority to investigate because I think we can consider this an unsupported use case if it doesn't work. I'm just curious if you know.

Same questions if `/a.js` redirects to `//other.domain/b.js`. Even lower priority until we implement cross-origin header-integrity support for sxg-rs (#82).