SRI: clarify the CORS requirement in security considerations (fixes #418) #485

Merged
merged 1 commit into from
Sep 28, 2015

Member

@fmarier fmarier commented Sep 23, 2015

No description provided.

@fmarier fmarier added the SRI label Sep 23, 2015
@fmarier fmarier added this to the SRI-v1-LC milestone Sep 23, 2015
a cross-origin resource has certain content.

Attackers would attempt to load the resource with a known digest, and
watching for load failures. If the load fails, the attacker could surmise
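
Review bot: The two sentences switch grammatical number, from plural "Attackers would attempt" in the first line to singular "the attacker could surmise" in the last; use one form throughout, for example "An attacker could attempt to load the resource with a known digest and watch for load failures."
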
Contributor

nit: watching -> watch

@joelweinberger
Contributor

lgtm % nits

@fmarier
Member Author

fmarier commented Sep 25, 2015

Good catch @metromoxie! I've addressed both of these in my last push.

@devd
Contributor

devd commented Sep 26, 2015

@jonathanKingston can you take a look, since you originally raised #418

@mozfreddyb
Contributor

👍, but let's see if @jonathanKingston agrees.

@jonathanKingston
Contributor

Sorry for super delayed response here; I read the content but never got back to feeding back.

This looks very strong to convey the message of why SRI can't openly do whatever we want. So yeah 👍 thanks @fmarier

fmarier pushed a commit that referenced this pull request Sep 28, 2015
SRI: clarify the CORS requirement in security considerations (fixes #418)
@fmarier fmarier merged commit 73e50e6 into w3c:master Sep 28, 2015
@fmarier fmarier deleted the sri-issue418 branch September 28, 2015 21:36