pwnall / script-digest

W3C proposal for a <script> content integrity check

Similarity to Subresource Integrity #1

Open mozfreddyb opened 9 years ago

mozfreddyb commented 9 years ago

Hey!

A co-worker has shown me your repo and I noticed that your proposal seems like a parallel invention of what we are currently doing (or should I rather say finishing up?) with Subresource Integrity.

Please see the W3C Working Draft. The top will contain links to our mailing list, github repo, etc.

As I said earlier, we're mostly done and are asking for wide review, as this is going in browsers really soon (Firefox is getting it really soon, Chrome Nightly already has this).

Looking forward to hearing your feedback!

pwnall commented 9 years ago

@mozfreddyb Thank you for getting in touch!

I've been watching the Subresource Integrity work since it was announced on the Chromium mailing lists (since I posted this, I've become a committer there and learned some of the ways in which progress happens on the Web).

I like the integrity attribute and how it works. I didn't like the variant that uses CSP headers, because it's more difficult to sort out a list of hashes.

I really like that you've thought about caching (Cache-Control: no-transform) and that the proposal covers Web Components, because of <link>.

I hope that you'll extend the integrity attribute to other resources that can be stored on CDNs. I'm primarily thinking of <img> but <audio> and <video> also come to mind.

Thank you very much for pushing Subresource Integrity though! I look forward to using it! :heart: