On script/style pre-request checks, if the integrity hashes match, then we skip the source-based matching check. This means that script-src 'self' 'sha512-abc' passes the pre-request check for a cross-origin script with a matching hash.
However, that would be blocked on post-request, since we have no logic for hashes there anymore.
As with nonces, I believe we would like to allow the request in this case.
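A simplified model of the mismatch described above, added here as an illustration; it is not code from the issue or text from the CSP specification. The policy object, URLs and function names are constructed, and source matching is reduced to a `'self'` origin comparison.

```javascript
// Constructed policy: script-src 'self' 'sha512-abc', served from https://example.test
const policy = { self: "https://example.test", hashes: ["sha512-abc"], nonces: [] };

// Source-based matching, reduced here to the 'self' origin comparison (assumption).
function matchesSourceList(url, p) {
  return new URL(url).origin === p.self;
}

// True when the request carries integrity metadata and every hash in it is listed in the policy.
function integrityMatchesHashes(integrity, p) {
  const parts = (integrity || "").split(/\s+/).filter(Boolean);
  return parts.length > 0 && parts.every((h) => p.hashes.includes(h));
}

// Pre-request: a nonce or hash match skips the source-based check.
function preRequestCheck(request, p) {
  if (p.nonces.includes(request.nonce)) return "Allowed";
  if (integrityMatchesHashes(request.integrity, p)) return "Allowed";
  return matchesSourceList(request.url, p) ? "Allowed" : "Blocked";
}

// Post-request as described in the issue: nonce branch only, no hash branch.
function postRequestCheck(request, responseUrl, p) {
  if (p.nonces.includes(request.nonce)) return "Allowed";
  return matchesSourceList(responseUrl, p) ? "Allowed" : "Blocked";
}

// Sketch of the behaviour the issue asks for: treat hashes like nonces post-request.
function postRequestCheckWithHashes(request, responseUrl, p) {
  if (p.nonces.includes(request.nonce)) return "Allowed";
  if (integrityMatchesHashes(request.integrity, p)) return "Allowed";
  return matchesSourceList(responseUrl, p) ? "Allowed" : "Blocked";
}

// Constructed cross-origin script request whose integrity metadata matches the policy hash.
const request = { url: "https://cdn.example.net/lib.js", integrity: "sha512-abc", nonce: "" };

function evaluate(req, p) {
  return {
    pre: preRequestCheck(req, p),
    post: postRequestCheck(req, req.url, p),
    postWithHashes: postRequestCheckWithHashes(req, req.url, p),
  };
}

console.log(evaluate(request, policy));
```
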