Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Subresource-integrity loading behaviour with malformed integrity hashes #666

Open
vogtm opened this issue May 30, 2024 · 0 comments
Open

Subresource-integrity loading behaviour with malformed integrity hashes #666

vogtm opened this issue May 30, 2024 · 0 comments

Comments

@vogtm
Copy link

vogtm commented May 30, 2024

While this might be quite a niche topic, it seems like an interop issue. I hope this is the right place to document it

Considering this simple setup:

<head>
  <link rel="stylesheet" href="demo.css" >
</head>

It's loading normally.

<head>
  <link rel="stylesheet" href="demo.css" integrity="..." crossorigin="anonymous">
</head>

The ressource will be allowed in Chrome, FF and Safari.

<head>
   <link rel="stylesheet" href="demo.css" integrity="sha256-AAA" crossorigin="anonymous">
</head>

The ressource will be blocked in all thre browers.

<head>
  <link rel="stylesheet" href="demo.css" integrity="sha256-..." crossorigin="anonymous">
</head>

The ressource will be allowed in Chrome and Safari but blocked in FF.

I wasn't really able to clearly pinpoint what should be the correct behaviour.
I think this is not completely clear and still in open discussion w3c/webappsec-subresource-integrity#120
But still a clear difference between browsers.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@vogtm