Closed BrianGenisio closed 8 years ago
The way to exclude files is adding a blank file:
<script integrity="" ...
Also if you exclude it from fingerprinting that should exclude it also (not actually checked)?
Excluding it from fingerprinting does not exclude it from SRI. (I was already excluding my file from fingerprinting when I came across this issue on upgrade)
Adding an empty integrity=""
attribute to app/index.html
passed through, however, so as long as the browser will allow an empty integrity
attribute, we should be good to go. Thanks.
Ah yes sorry, it is only used when the file isn't a relative path to ensure the code was actually part of the app.
Yup from part of the spec it was added to the: fetch specification which is why I am recommending that way mostly, as if browsers don't implement that their implementation will be broken.
So yeah, unless there was anything else I'm going to close this for now; thank you for raising though to check!
It would be nice if I were able to exclude a file from SRI from the config like I can with fingerprints. I have a file that I include (
public/options.js
) which allows for deployment-time configuration of the app, and it lives right next toindex.html
. This app can be deployed to many places, so it is a post-build configuration step.So, my config would look like this:
For the time being, I'm just disabling it, but it would be nice to include it with everything else.