I lean towards allowing SRI on HTTP resources from HTTPS contexts. Just treat as mixed display and phase in integrity as a hard requirement.
-
-
Engineering is the same: SRI is best practice for CDN hosted resources. The question is if it impedes or enables a path to HTTPS everywhere.
Thanks. Twitter will use this to make your timeline better. UndoUndo
-
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.