@lcamtuf: Oh, come on. You loved it on the list! @hillbrad @slightlylate
-
-
Replying to @mikewest
@mikewest@lcamtuf@slightlylate I would presume that a CORS policy would be required, of course.1 reply 0 retweets 0 likes -
Replying to @hillbrad
@hillbrad@mikewest@lcamtuf@slightlylate It was considered & rejected at Mozilla years ago. But, adding CORS makes it worth reconsidering.1 reply 0 retweets 0 likes -
Replying to @BRIAN_____
@BRIAN_____: There are a number of mitigations in the SRI spec. Needs quite a bit more discussion.@hillbrad@lcamtuf@slightlylate1 reply 0 retweets 0 likes -
Replying to @mikewest
@mikewest@hillbrad@lcamtuf@slightlylate Are you hinting that it is better to find an alternative to using CORS for this?1 reply 0 retweets 0 likes -
Replying to @BRIAN_____
@BRIAN_____: No, I think CORS is pretty reasonable. But I'm sure there are angles I haven't considered.@hillbrad@lcamtuf@slightlylate1 reply 0 retweets 0 likes
@mikewest @hillbrad @lcamtuf @slightlylate Yes. Just using current CORS would give the SRI-using domain more power than necessary for SRI.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.