I wonder how this affects header-integrity computation for subresources. If a doc has <link rel=preload href=/a.js> and /a.js redirects to /b.js, then what was header-integrity before? What is it now? What will Chrome verify against? Low priority to investigate because I think we can consider this an unsupported use case if it doesn't work. I'm just curious if you know.
Same questions if /a.js redirects to //other.domain/b.js. Even lower priority until we implement cross-origin header-integrity support for sxg-rs (#82).
Non-blocking:
I wonder how this affects
header-integrity
computation for subresources. If a doc has<link rel=preload href=/a.js>
and/a.js
redirects to/b.js
, then what washeader-integrity
before? What is it now? What will Chrome verify against? Low priority to investigate because I think we can consider this an unsupported use case if it doesn't work. I'm just curious if you know.Same questions if
/a.js
redirects to//other.domain/b.js
. Even lower priority until we implement cross-origin header-integrity support for sxg-rs (#82).