Consider supporting an exclutions list

[BrianGenisio]

It would be nice if I were able to exclude a file from SRI from the config like I can with fingerprints. I have a file that I include (public/options.js) which allows for deployment-time configuration of the app, and it lives right next to index.html. This app can be deployed to many places, so it is a post-build configuration step.

So, my config would look like this:

fingerprint: {
    exclude: ['options.js']
},
SRI: {
    exclude: ['options.js']
}

For the time being, I'm just disabling it, but it would be nice to include it with everything else.

[jonathanKingston]

The way to exclude files is adding a blank file:

<script integrity="" ...

Also if you exclude it from fingerprinting that should exclude it also (not actually checked)?

[BrianGenisio]

Excluding it from fingerprinting does not exclude it from SRI. (I was already excluding my file from fingerprinting when I came across this issue on upgrade)

Adding an empty integrity="" attribute to app/index.html passed through, however, so as long as the browser will allow an empty integrity attribute, we should be good to go. Thanks.

[jonathanKingston]

Ah yes sorry, it is only used when the file isn't a relative path to ensure the code was actually part of the app.

Yup from part of the spec it was added to the: fetch specification which is why I am recommending that way mostly, as if browsers don't implement that their implementation will be broken.

So yeah, unless there was anything else I'm going to close this for now; thank you for raising though to check!