-
Notifications
You must be signed in to change notification settings - Fork 147
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
SRI: support for multiple hashes with the same algorithm #367
Comments
There is this:
Do you feel we should clarify this further somewhere else? |
This is related to the feedback I got during my presentations of SRI. If you want to mix both, you have to supply 4 hashes (v1 sha256, v1 sha512, v2 sha256 and v2 sha512). At least that's how I interpreted the standard. Anyhow, I guess we could phrase it differently in the spec. |
That's also how I interpreted the standard (and implemented it for that matter). |
@metromoxie can you also confirm that you added support for an array of hashes? If so, we can close this out and ideally just fix it via a test case. |
Yes, have have multiple hashes. See https://code.google.com/p/chromium/codesearch#chromium/src/third_party/WebKit/LayoutTests/http/tests/security/subresourceIntegrity/subresource-integrity-allowed-multiple-hashes.html&sq=package:chromium for our LayoutTest that covers the two different kinds of cases we're talking about above. |
since both readers of the spec understood it correctly and both have tests in place, I am closing this . |
There does not appear a way to specify multiple hashes with the same algorithm. This may be useful in load-balancer situations where a phased rollout may mean some requests return different data from others.
The text was updated successfully, but these errors were encountered: