- From: Brian Smith <brian@briansmith.org>
- Date: Wed, 10 Dec 2014 16:04:57 -0800
- To: Devdatta Akhawe <dev.akhawe@gmail.com>
- Cc: Frederik Braun <fbraun@mozilla.com>, "public-webappsec@w3.org" <public-webappsec@w3.org>
On Wed, Dec 10, 2014 at 11:20 AM, Devdatta Akhawe <dev.akhawe@gmail.com> wrote: > I agree. local shim is a simple and easy solution. This works well > with module systems like requirejs with path fallbacks > (http://requirejs.org/docs/api.html#pathsfallbacks). I imagine we > could modify requirejs to say "when using CDN, load with SRI, don't > use SRI for fallback URIs" I also agree. I think in the future, there should be a way to register an event handler that can handle any failed load (CSP violation, SRI failure, network error, etc.), where the handler can interrogate the event object to learn the reason for the failure. Then the event handler could retry the load from an alternative source and/or phone home with an error report and/or do even more drastic things like redirect to a fail-safe backup page. Cheers, Brian
Received on Thursday, 11 December 2014 00:05:24 UTC