@lcamtuf: Oh, come on. You loved it on the list! @hillbrad @slightlylate
@hillbrad @mikewest @lcamtuf @slightlylate It was considered & rejected at Mozilla years ago. But, adding CORS makes it worth reconsidering.
@BRIAN_____: There are a number of mitigations in the SRI spec. Needs quite a bit more discussion. @hillbrad @lcamtuf @slightlylate
@mikewest @hillbrad @lcamtuf @slightlylate Are you hinting that it is better to find an alternative to using CORS for this?
@BRIAN_____: No, I think CORS is pretty reasonable. But I'm sure there are angles I haven't considered. @hillbrad @lcamtuf @slightlylate
@mikewest @hillbrad @lcamtuf @slightlylate Yes. Just using current CORS would give the SRI-using domain more power than necessary for SRI.